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Open File Manager” 


Just add it to your current backup solution and... 


= No more skipped or corrupted open files during backups. 


= Local and remote users won’t get locked out of their applications 
or chased off the network. 


& Use the same Open File Manager license even if you change your backup 
software, change applications or switch between NetWare and NT Servers. 


www.stbernard.com 
1-800-782-3762 


For more information, visit http://advertise.nwconnection.com. 


PHOTO COURTESY OF U.S. COAST GUARD 


O 
: \ y 
ST. BERNARD 
SOFTWARE 


The St. Bernard logo and Open File Manager 
are trademarks of St. Bernard Software Inc. 
All other trademarks and registered trademarks 
are hereby acknowledged. 


NETWARE. 


CONNECTION 


October 1998 


COVER STORY page 6 


BorderManager 3.0 is a better 
way to manage the borders of 
your network. 


NUI Editorial Committee 

Chip DiComo Geoff May 
Jose Luiz Muzzupappa Ray Osburn 
Jan Sladek 

Managing Editor 

Debi Pearson 

Senior Technical Editor 

Dennis Fredette 

Editor 

Leslie Miller 

Assistant Editor 

Emily Johnson 

Art Director 

Debbie Sume 


2 > NetWare Connection October 1998 


The 
Magazine for 
Novell, Networking 


Professionals 


ical hi eM 2 ee 
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Take an in-depth look at the features and benefits of Novell’s 
BorderManager 3.0. From BorderManager FastCache, which speeds 
up users’ access to the Internet and to intranets, to new security 
features that ensure the safety of the network, BorderManager 3.0 
has what you need to effectively manage the borders of your com- 
pany’s network. 
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Managed Networks 

With Novell Directory Services (NDS) and Zero Effort Networks 
(Z.E.N.works), an easy-to-manage network is more than a dream—it’s 
a reality. Discover how Z.E.N.works and NDS can make your com- 
pany’s network transparent to users and easier for you to manage. 
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Backing Up Your Critical Data 
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LETTERS TO THE EDITOR 


Backing Up 

Mickey Applebaum’s article “Backing Up NDS” (NetWare Connection, 
Aug. 1998, pp. 43-45) explained how to back up Novell Directory Services 
(NDS) information with backup software run from the server. Because of the 
inherent problems associated with having the backup system attached to a 
device that might fail, I have never been a fan of this strategy. Attaching 
the backup system on a workstation avoids numerous problems but has its 
own weaknesses. 

How would you recommend backing up NDS with a workstation-based 
backup system? Can the information be dumped to a file that can be backed 
up (and restored, if necessary)? 

Martin Forbes 


You cannot back up NDS from a workstation because workstations cannot sup- 
port server-based Storage Management Services (SMS) functions, which are re- 
quired to back up NDS. You can set up a standalone, run-time server (two-user 
license) or a five-user server as the backup station. However, the inherent problems 
of backing up across the wire (including lost or dropped data, lost communication 
links, and performance problems) do not make this solution a reliable means of 
backing up. 

The only exception is if you are backing up five or more servers to one computer 
that holds multiple tape drives and you are running data streams concurrently to dif- 
ferent devices. In this case, the cost savings versus the potential problems changes 
the balance. 

Mickey Applebaum, author 


Good Work! 

I just wanted to take a moment to say what a pleasure it is to read NetWare 
Connection. The articles are consistently clear and informative, providing time- 
ly information in a concise way. If only all publications were this enjoyable! 

Keep up the good work. 

Ben Price 


I would like to commend you for your excellent overview of the changes 
that are taking place in the computer industry and their implications for the 
future. “Service Location Protocol: Discovering Services in a Pure IP Environ- 
ment” by Laura Chappell in particular was concise and excellent (NetWare 
Connection, July 1998, pp. 32-37). 

Keep up the good work! 

Jimmy Castro 


Clarification 


In the September issue, “Novell News” featured an agreement between Novell 
and Eicon Technology (NetWare Connection, p. 43). Unfortunately, our report may 
have been misleading. As a result of this agreement, Eicon Technology’s WAN 
adapters, EiconCard P62 for NetWare, and EiconCard P92 for NetWare are listed 
in the Third-Party Solutions section of Novell’s Price List. (The product code for 
EiconCard P62 for NetWare is 310-246, and the product code for EiconCard P92 
for NetWare is 310-247.) In addition, Eicon Technology is authorized to use the 
Novell red box brand to sell these WAN adapters. 

To support these WAN adapters, Novell has included the WAN drivers 
with NetWare 5. However, the WAN adapters themselves are sold separately. 

For more information about EiconCard P62 for NetWare and EiconCard 
P92 for NetWare, visit Eicon Technology’s World-Wide Web site at http:// 


www.eicon.com. @ 
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Advertisement 


Outsource the Man 
of Your GroupWise 


> DAYTON, OH—Novell’s GroupWise 5.2 advanced gateways allow 
experienced GroupWise administrators to offer their users features 
like web and telephone access to their e-mail as well as the ability to 
send and receive faxes and pages directly from the GroupWise client. 
Although many of these gateways have been available for years, cost, 
installation, maintenance, and hardware have prevented many Group- 
Wise administrators from taking advantage of these features. 


> Enter Allegro, a leader in innovative corporate messaging solu- 
tions. Allegro now makes it possible for GroupWise administrators 
to outsource the management of all their GroupWise gateways— 
with no additional software or hardware investment. 


> How does Allegro do it? With a single IP address, GroupWise 5.2 
can establish TCP/IP links over the Internet to an unlimited number 
of users and other GroupWise agents. It is also possible to establish 
an external link to Allegro via the Async gateway if an IP connection 
is not available. Companies can then take advantage of the gateways 
maintained at Allegro’s world-class Network Operations Center. 


> Web Access. With an IP link between Allegro’s GroupWise Web 
Access gateway and your GroupWise POA, all your users can easily 
access their corporate GroupWise mailbox from any web browser— 
without using the remote client and the Async gateway dial-up. 


> Outbound Fax. An IP connection between Allegro’s GroupWise Fax 
gateway and your GroupWise MTA is all that’s needed for your users 
to send faxes directly through their GroupWise desktop. Users simply 
type fax:{fax number} in the “To” line of their e-mail screen, attach 
the document to a GroupWise message and press the Send button. 
Allegro delivers the fax and returns a status message to the sender. 
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Inbound Fax. A dedicated fax number or DID is established for 
each company at Allegro’s site. When Allegro receives a fax at this 
number, it is immediately attached to a GroupWise message and 
routed via IP to the recipient's GroupWise mailbox. 


Pager. The Pager gateway enables messages to be sent to a user's 
alphanumeric pager. Important messages can be automatically for- 
warded to a pager using rules. Users can also send pages without 
knowing a long pager PIN number. Simply typing pager: {GroupWise 
User ID} in the “To” field sends the message to the user’s pager in- 
stantly. The setup is just like the other gateways—an IP connection 
between the MTA and Pager gateway. 

TAS. The Telephone Access Server (TAS) allows GroupWise users to 
listen to their messages via a telephone, pay phone, or cell phone. 
Users simply call Allegro’s TAS gateway, and the system tells them the 
number of unread messages, reads the subject line(s), and tells how 
long it will take to read the body of each message and any attach- 
ments. Users can forward the message to a fax machine or another 
user. Or users can generate an immediate reply: the TAS creates a 
WAV file attached to the reply message. As with the other gateways, 
these features are available with an IP connection between Allegro 
and the POA of the users’ post office. 


GroupWise system administrators can begin offering the features of 
these gateways within just a few hours of contacting Allegro. All 
you need is an IP connection to the Internet or an Async gateway. 
For additional information on how you can start taking advantage 
of the exciting functionality of these gateways—without having to 


worry about any of the maintenance—contact Allegro today at 
(800) 209-6245. Or visit their web site at http://www.allegro.net. 
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It doesn't take a miracle to get you 
on the Internet. In fact, it only 
takes about 30 minutes. If you're 
running GroupWise® and aren't 
tied into the Internet, call us right 
now, and by the end of the day 
you will be. Using the GroupWise 
Async Gateway and a modem, 
AllegroNET™ puts you in touch 
with Heaven and Earth. Or at least 
Earth. You're on your own to get 


in touch with Heaven. 


©1998 Allegro AllegroNET 1s a trademark of Allegro, and GroupWise 1s a registered trademark of Novell, Inc 


Call Allegro at 1°800°209°6245 or visit our web site at www.allegro.net Your first two weeks are free 


For more information, visit http://advertise.nwconnection.com. 
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hen NetWare Connection introduced you to Novell’s Bor- 

derManager 18 months ago, the term border was relative- 
ly new in the networking industry. Now this term is widely 
used to refer to the points at which a network meets another 
network. External borders, such as the border between your 
company’s network and the Internet, are typically secured with 
a firewall to guard against hacker attacks—that is, attacks 
launched by unauthorized users. 

Interestingly, hacker attacks are not as common as insider 
attacks, which involve trusted, authorized users. In fact, the 
1998 Annual Industry Survey conducted by Information Security 
reveals that employee access abuses are one of the most com- 
mon security breaches (second only to viruses). Specifically, 54 
percent of companies that participated in the 1998 Annual In- 
dustry Survey experienced a security breach involving an em- 
ployee, while only 12 percent of these companies experienced a 
hacker attack. (Information Security is the official publication of 
the International Computer Security Association, or ICSA, 
formerly known as the NCSA. To read the 1998 Annual In- 
dustry Survey, go to http://www.icsa.net/magazine, and select the 
June 1998 option from the Archived Articles menu.) 

You can reduce the chances of experiencing an insider at- 
tack by strengthening security on the internal borders be- 
tween your company’s departmental networks. And you can 
use BorderManager 3.0 to help you do the job. (For more in- 
formation about protecting internal borders, see “Keep the 
Home Mini-Firewalls Burning” on p. 14.) BorderManager 3.0 
is the latest version of BorderManager, the only integrated 
family of directory-based network services that centrally man- 
ages, secures, and accelerates users’ access to information at 
every network border—internal and external alike. 
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As with previous versions of BorderManager, BorderMan- 
ager 3.0 enables you to implement mini-firewalls at depart- 
mental borders. Naturally, you can also use BorderManager 3.0 
to secure your company’s Internet border. 

Furthermore, because BorderManager 3.0 remains fully inte- 
grated with Novell Directory Services (NDS), you can easily 
control users’ access through these borders. For example, by us- 
ing the BorderManager snap-in module for Novell’s NetWare 
Administrator (NWADMIN) utility, you can control where 
users go on your company’s network or the Internet, when 
they can go there, and what level of access they have once 
they get there. You can also control when and which users 
can access your company’s network from the Internet. 

Of course, you could use any version of staan 
to secure internal and external borders. So what’s new in 
BorderManager 3.0? In short, BorderManager 3.0 is the same, 
only better. BorderManager 3.0 is faster, more secure, and 
more convenient to manage than previous versions of Border- 
Manager. With BorderManager 3.0, Novell has enhanced 
BorderManager’s three strong suits: performance, Spcuritys 
and management. 


HTTP AND FTP—YOU’LL WANT THAT IN CACHE | 

Although BorderManager has many valuable features, it is 
perhaps best known for BorderManager FastCache, Novell’s 
proxy cache. In fact, today more than four million users use 
BorderManager FastCache to speed users’ access to the Inter- 
net or an intranet, to accelerate a World-Wide Web site, and 
to reduce network bandwidth requirements. 

Previous versions of BorderManager offered oul an HTTP 
proxy cache and an HTTP accelerator, which you can use to 
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Everyone has priorities in life and 
BuoView 


NOSadmin 


sometimes it’s difficult to keep them all 


straight. One simple way to squeeze in a little more free time is 
with BindView EMS. It scrutinizes your network, pinpoints risks 
to network integrity, helps you quickly address daily operational 
issues, and then provides reports that are easy to understand 
and distribute. BindView EMS also looks at hundreds of risks 
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that other security products ignore. C’mon, use your time for 


better things, and let BindView worry about your network. 
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store pages requested from HTTP, FTP, 
or Gopher servers. Using a feature called 
normal caching, or passive caching, the 
HTTP proxy cache allows you to store 
pages that internal users request from 
external web sites (such as web sites on 
the Internet). Using a feature called 
acceleration, or reverse caching, the 
HTTP accelerator allows you to store 
pages that external users request from 
internal web sites (that is, web sites on 
your company’s intranet). 

In addition to the HTTP proxy 
cache and the HTTP accelerator, Bor- 
derManager 3.0 now includes an FTP 
proxy cache and an FTP accelerator. As 
a result, BorderManager 3.0 performs 
FTP caching when users are accessing 
FTP through a native FTP application. 
Because previous versions of Border- 
Manager included only an HTTP proxy 
cache and an HTTP accelerator, these 
versions performed FTP caching only 
when users accessed FTP through a 
web browser. 

You can use the BorderManager snap- 


in module for the NWADMIN utility to 


set caching options for the HTTP and 
FTP proxy caches and for the HTTP and 
FTP accelerator. (See Figure 1 on p. 10.) 
The passive and reverse caching options 
are the same for HTTP and FTP. For ex- 
ample, you can configure the following 
options: 


¢ The location of the cache 

e The maximum size of pages stored 
in cache 

¢ The number of minutes, hours, or days 
BorderManager 3.0 should wait before 
retrieving a page again from the origi- 
nal web site 

e Pages you do not want to cache 


Fetch! 

All of these options allow you to cus- 
tomize BorderManager FastCache for 
your company’s network and make Bor- 
derManager FastCache fast. But just how 
fast can BorderManager FastCache be? 
In a keynote address at BrainShare 98 
in Salt Lake City, Drew Major, Novell’s 
chief scientist and vice president of 
advanced development, claimed that 


The NDS Enhancement Company 
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Enhance NDS with powerful features like contextless login— 
quick and easy login from anywhere on the NDS tree, 
single sign-on, customizable login screens and password 
synchronization. Download SFLOGIN today and find out why 


it is installed on over 1,000,000 desktops worldwide. 


SFLOCK 


Secure your Windows® desktop with the NDS password 
and improve security with features such as locking screensavers, 
intruder detection after authentication, administrator override, pass- 


word enhancements, and a network disconnect option. SFLOCK is 


tightly integrated with NDS providing powerful and flexible configuration options. 


www.netoria.com 
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Try either product FREE for 60 days! 
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BorderManager FastCache is capable 

of processing more than 5,000 hits per 
second when configured to run from 
RAM (as opposed to running from the 
hard drive). BorderManager FastCache, 
according to Major, is 5 to 10 percent 
faster than other proxy servers also con- 
figured to run from RAM. (You can view 
a video of Major’s keynote address at 
http://www.novell.com/webcast/98/bs98/ 
index.html#major.) 

Major’s opinion is arguably biased, 
but opinions from unbiased sources are 
notably similar. For example, according 
to Mindcraft Inc., an independent test- 
ing company, BorderManager FastCache 
can process 4,055 hits per second—that’s 
350 million hits per day. 

To place 350 million hits per day in 
context, consider this: In a recent PC 
Week article entitled “Microsoft.com’s 
Poor Performance Frustrates Users,” 
author Norvin Leach implies that Mi- 
crosoft has acknowledged its web site is 
sluggish. According to Leach, Microsoft 
“attributes the problems partly to sky- 
rocketing usage, which officials are 
estimating at 88 million hits per day.” 
(See PC Week, June 30, 1997. You 
can download this article from http:// 
www.zdnet.com/pcweek/archive/1428/ 
pewk0118.html.) 

If Leach’s claim is true, Microsoft’s 
excuse for its web site’s poor perfor- 
mance is both revealing and weak. The 
excuse is revealing because it implies 
that Microsoft’s own proxy cache tech- 
nology is not up to the task of sup- 
porting www.microsoft.com. And the 
excuse is weak because BorderManager 
FastCache can efficiently process nearly 
four times the number of hits per day 
that are apparently slowing Microsoft's 
web site. | 

In BorderManager 3.0, BorderMan- 
ager FastCache is even faster. Border- 
Manager 3.0 now offers two additional 
options for HTTP and FTP caching that 
speed the caching process: 


¢ Read-ahead caching 
e Scheduled batch downloads 


Read-Ahead Caching 

Read-ahead caching, also called active 
caching, is intelligent caching. That is, 
with read-ahead caching, the proxy 
cache makes intelligent assumptions 
about what the web browser will request 
next, such as images on a page. The 


proxy cache automatically requests 
what it assumes the web browser will 
request—and makes that request with- 
out waiting for further instructions from 
the web browser. 

How important are read-ahead capa- 
bilities? A proxy cache without read- 
ahead capabilities will not retrieve an 
object unless the web browser explicitly 
requests the object—no matter how 
obvious it is that the web browser will 
request that object next. For example, 
when a web browser requests a par- 
ticular URL, the proxy retrieves the 
page and stores it in cache. This page 
most likely includes path names to em- 
bedded objects (such as images) that 
the web browser will almost certainly 
request next. 

However, a proxy cache without 
read-ahead capabilities does not antici- 
pate the next request that a web browser 
will make. Instead, this type of proxy 
cache waits for the web browser to open 
the page and to send separate requests 
for embedded objects on that page. 


Of course, a proxy cache with read- 
ahead capabilities makes this retrieval 
process quite a bit faster. For example, 
when a web browser requests a particu- 
lar URL, a proxy cache with read-ahead 
capabilities retrieves the page and, upon 
finding path names to embedded objects, 
retrieves these objects as well. 

When the web browser opens the 
page and sends separate requests for em- 
bedded images, the proxy cache with 
read-ahead capabilities has already re- 
trieved these objects. Thus, the embed- 
ded objects are stored in cache, ready 
to be sent to the web browser in an 
instant. 

In BorderManager 3.0, you enable 
read-ahead caching on the Cache Con- 
trol screen, which you can access by 
clicking the Caching button on either 
the Acceleration screen or the Proxy 
Cache screen in the NWADMIN util- 
ity. (See Figure 1 on p. 10.) BorderMan- 
ager 3.0 offers two read-ahead caching 
options, in addition to the option of dis- 
abling read-ahead caching: 


¢ Read-ahead images embedded in 
the page 

¢ Maximum number of concurrent read- 
ahead requests 


When you select the first option, 
BorderManager FastCache retrieves 
embedded objects on a requested page 
without waiting for the web browser to 
request these objects. 

You can also specify the maximum 
number of concurrent read-ahead re- 
quests, which limit the number of em- 
bedded images that BorderManager can 
retrieve at one time. In this way, you can 
prevent the proxy cache from becoming 
overburdened. 


Scheduled Batch Downloads 

BorderManager 3.0 also offers sched- 
uled batch downloads for the HTTP 
proxy cache and the HTTP accelerator. 
Scheduled batch download capabili- 
ties, like read-ahead caching capabili- 
ties, make BorderManager FastCache 
even faster. 


password synchronization, for users and groups. 
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Figure 1. You can use the snap-in module for the NWADMIN utility to set caching options 


for BorderManager 3.0 servers. 


Scheduled batch download capabili- 
ties allow you to download particular 
URLs when network utilization is low. 
You can use scheduled batch downloads 
to download frequently accessed web 
sites, so BorderManager FastCache is 
always current and contains the web 
sites that users request most often. 

In addition, BorderManager 3.0 
allows you to specify the frequency of 
scheduled batch downloads. For exam- 
ple, you can specify that you want a 
particular download to occur once only, 
once a day, on particular days of the 
week, or during the hours you specify. 
For each URL you want to download 
at a scheduled time, you can also 
indicate how many levels deep Border- 
Manager FastCache should go—that is, 
how many embedded images Border- 
Manager FastCache should retrieve 
and store. 


TIGHTENING UP SECURITY 
AT THE BORDER 

Although BorderManager provides 
caching, it is much more than a proxy 
server. BorderManager also offers several 
firewall security features. All versions of 
BorderManager are well-fortified with 
security features, including network ad- 
dress translation (NAT), packet filter- 
ing, the Novell IP gateway, and the 
HTTP application proxy. With Border- 
Manager 3.0, Novell has enhanced near- 
ly all of these security features and has 
added a new one: alerts delivered via 
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Simple Mail Transfer Protocol (SMTP) 
or Simple Network Management Pro- 
tocol (SNMP). 

Many customers who used previous 
versions of BorderManager reported the 
need for alerts. In fact, Patrick Harr, a 
product manager at Novell, says that 
Novell “received a lot of feedback about 
including an alert mechanism as a core 
feature.” As a result, Harr explains, 
Novell built alerts into BorderManager 
3.0, which can now alert you to partic- 
ular security violations, including var- 
ious denial-of-service attacks and the 
Ping of Death. 

The Ping of Death is notorious for 
bringing down Microsoft’s web site in 
June 1997. The Ping of Death refers to 
an attack that involves sending an un- 
usually large ping packet—larger than 
65,536 bytes—from a remote computer 
to a server. A ping packet, which is 
typically about 65 bytes, contains an 
Echo message. Generally, a server or a 
client uses Internet Control Message 
Protocol (ICMP) to “ping” another 
server or client to check the perfor- 
mance of that server or client. Because 
many systems cannot handle an unusu- 
ally large ping packet, they often crash 
or reboot when faced with one—just as 
Microsoft’s web site did. 

To prevent the Ping of Death from 
wreaking havoc on your company’s net- 
work, BorderManager 3.0 warns you 
when a server has been hit by the Ping 
of Death or by other types of attacks. 


You can then respond immediately to 
attacks that threaten to bring down 
the network. 

You enable alerting by using the 
BorderManager snap-in module for 
the NWADMIN utility. You can then 
specify whether you want BorderMan- 
ager 3.0 to alert only you or to alert 
other people whom you specify as well. 
In addition, you can indicate whether 
you want the alerts delivered by way 
of an e-mail message (using an SMTP 
gateway), by way of a pager (using an 
e-mail-to-pager gateway), or by way 
of messages sent through an SNMP- 
compliant management application, 
such as Novell’s Manage Wise. 


CREATING SECURE RETURN PATHS 

In addition to adding alerting capa- 
bilities, Novell made several enhance- 
ments to the security features available 
in BorderManager 3.0. For example, 
Novell enhanced the following security 
features: 


¢ The packet-filtering firewall 
© The circuit-level gateway 
¢ The application-level gateway 


All versions of BorderManager pro- 
vide a packet-filtering firewall, which al- 
lows you to filter TCP/IP packets based 
on source and destination address, port 
number, and protocol. BorderManager 
3.0, however, includes two new filters. 
Using Novell’s familiar FILTCFG utility, 
which is included with BorderManager 
3.0, you can enable the following filters: 


© Stateful filters 
e ACK bit filters 


State of Security 

Stateful filters automatically create 
return paths for outbound packets, en- 
abling internal users to communicate 
with the outside world while preventing 
unwanted outsiders from initiating ses- 
sions with these users. When you en- 
able a stateful filter, BorderManager 3.0 
automatically creates a return path for 
traffic flowing from the source port 
number and address you specify to the 
destination port number and address 
you specify. You can then block traffic 
originating from a particular port num- 
ber and address while still allowing re- 
turn traffic from that same port number 
and address. 
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Figure 2. You can use generic application proxies to create your own ae for a TCP or 


UDP application. 


Stephen Wau, an engineer at Novell, 
explains stateful filters by using the 
following example: Suppose that you 
wanted to allow users to access external 
FIP servers but you wanted to block 
FTP traffic originating from an external 
source. Enabling a stateful filter for a 
dynamic port range on your private net- 
work interface board and the FTP port 
(21) on your public network interface 
board would do the trick. 

To enable a stateful filter, you would 
use the FILTCFG utility to specify the 
source and destination interfaces, the 
packet type, and the source and destin- 
ation port numbers and IP addresses 
to which this filter should apply. You 
would then simply choose to enable 
the Stateful Filter option. The exam- 
ple below shows the information you 
would specify: 


Src Interface 
Dest Interface 
Packet Type 
Src Port 

Dest Port 
Src Address 
Dest Address 
ACK Bit Filter 
Stateful Filter 
Private 
Public 

TCP 
1024-65535 
21 

Any 
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Any 
Disable 
Enable 


In previous versions of BorderMan- 
ager, you could configure static filters to 
filter inbound traffic originating from 
external sources. Admittedly, static fil- 
ters are a bit faster than stateful filters. 
However, Wu explains, there are two 
advantages to using stateful filters rather 
than static filters to screen traffic origin- 
ating from external sources. One advan- 
tage is that a stateful filter is inherently 
more secure than a static filter because 
there is less chance for human error in 
configuring a stateful filter than in con- 
figuring a static one. 

Why? In order to use a static filter 
to filter inbound traffic originating from 
an external source, you would have to 
configure a total of six filters: two for 
the control channel, two for the PORT 
data channel, and two for the PASV 
command data channel. In contrast, to 
use a stateful filter, you need to config- 
ure only one filter. The convenience 
of enabling one filter versus six filters 


is the second advantage to using a state- 
ful filter. 


Don’t Let "Em In Without ACK 
ACK bit filters (sometimes called 
SYN bit filters) ensure that only 
TCP packets containing the ACK bit 
set can pass through the firewall. To 
better understand how an ACK bit 


filter works, you must first understand 
the handshaking that servers and 
clients use when they establish TCP 
sessions. This handshaking involves an 
exchange of TCP packets containing 
SYN (synchronize) bits and ACK 
(acknowledge) bits. 

The first packet in a TCP session 
contains the SYN bit set and indicates 
a request to open a session. The return 
packet contains the ACK bit set, ack- 
nowledging the receipt of the initial 
SYN packet. This return packet also 
contains a SYN bit set, indicating the 
recipient server's willingness to synchro- 
nize (that is, establish) a session with 
the requesting client. 

For example, suppose that a client on 
your company’s network tried to estab- 
lish a session with an external server. 
The handshaking between the server 
and the client would occur as follows: 


¢ Client A would initiate a La with 
server B by sending a SYN(a) packet 
to server B. | 

¢ Server B would respond by sending an 
ACK(a) packet, along with a SYN(b) 
packet, to Client A. | 

® Client A would finish the handshak- 
ing with an ACK(b) response to ser- 
ver B. 


Now suppose that you wanted to al- 
low users to access external Telnet 
servers. To allow Telnet clients to con- 
nect to Telnet servers, you could con- 
figure a filter. This filter would allow 
outgoing packets from a dynamic port 
range on your private network interface 
board, such as 1025-65535, to access 
port 23 (the port Telnet services typi- 
cally use) on your public network inter- 
face board. | 

You would also need to configure 
a filter that would allow incoming pack- 
ets from port 23 to access dynamic port 
range 1025-65535. However, as Jaya- 
kumar Ramalingam, an engineer at 
Novell, explains, configuring such filters 
creates a “hole because a bad guy could 
use port 23 as a source port to connect 
to services available in the dynamic 
port range on your private ae in- 
terface board.” 

You can plug such holes by enabling 
an ACK bit filter when you create the 
filter to allow incoming packets from 
port 23 bound for the dynamic port 
range 1025-65535. If you enable an 


ACK bit filter in this situation, incom- 
ing packets from port 23 on the public 
interface board would be able to access 
the dynamic port range 1025-65535 
only if these packets contained the 
ACK bit set. In other words, port 23 
could not be used to initiate TCP ses- 
sions using the specified port range be- 
cause packets that initiate TCP sessions 
contain only SYN bits—they don’t con- 
tain ACK bits. 

In short, an ACK bit filter prevents 
incoming packets without ACK bits 
from entering your company’s network. 
As a result, internal users can initiate 
TCP sessions with the outside world, but 
the outside world cannot initiate TCP 
sessions with internal servers or clients. 

Using an ACK bit filter protects 
your company’s network from common 
attacks, such as SYN flooding attacks. 
A SYN flooding attack is a denial-of- 
service attack that a “bad guy” initiates 
by overloading your network with SYN- 
flagged packets and effectively locking 
out legitimate session requests for 


TCP sessions. 


MORE CLIENTS, LESS WORK 

Novell didn’t stop at enhancing its 
packet-filtering firewall, however. When 
creating BorderManager 3.0, Novell also 
enhanced its circuit-level gateway, the 
Novell IP gateway. (For more informa- 
tion about circuit-level gateways, see 
“Great Walls of Fire,” NetWare Connec- 
tion, Jan. 1997, pp. 6-28. You can down- 
load this article from http://www. 
nwconnection.com/jan.97/fire17.) 

The Novell IP gateway in Border- 
Manager 3.0 and in previous versions of 
BorderManager consists of two compo- 
nents: an IPX-to-IP gateway and an IP- 
to-IP gateway. In previous versions of 
BorderManager, the Novell IP gateway 
enabled Windows 95 clients using IPX 
or IP to access the Internet without re- 
quiring you to assign a specific IP address 
to each workstation. (For more infor- 
mation on the Novell IP gateway, see 
“Novell’s Border Services,” May 1997, 
NetWare Connection, pp. 25-36. You can 
download this article from http://www. 
nwconnection.com/may.97/border57.) 
BorderManager 3.0 extends this support 


to Windows 98 clients and Windows NT 
servers and clients. 

If you are already using Border- 
Manager, you might be thinking that 
supporting additional clients means ad- 
ditional work. But that is not the case. 
Unlike previous versions of Border- 
Manager, BorderManager 3.0 supports 
WINSOCK 2.0. As a result, you no 
longer have to replace the WINSOCK 
software running on Windows clients 
with Novell’s own WINSOCK software. 
The Novell IP gateway in BorderMan- 
ager 3.0 supports the WINSOCK soft- 
ware that is already running on Win- 
dows clients. 


PROXY PATROL 

BorderManager has always included 
an HTTP proxy, which is an application- 
level gateway. An application-level gate- 
way provides the highest level of firewall 
security available, enabling you to con- 
trol not only which ports and addresses 
users can access but also which files they 
can access using these ports and ad- 
dresses. (For more information about 


Let's face it. You need to keep up with 
rapidly changing technologies. 


That means more training and finding 
the training method that's best for you. 


CyberState University employs a methodology which has you in 
mind. Training that is truly student-centric. It fits your lifestyle 
so you can learn where, when and how you want. We call it the 
Synergy Learning System™ 

You will learn with courseware and on-line content developed 
by the best minds in the business. Best-selling authors like 
David James Clarke, IV and James Chellis. You will use multi- 
sensory tools, practical application and have access to a virtual 
learning community of students and instructors. 


Contact your personal Admissions Advisor today to learn how 
we can make getting to the top a little easier. 


Start Learning Smarter! 


AN INTERNET CORPORATION 


For more information, visit http://advertise.nwconnection.com. 


FEATURE BorderManager 3.0 


Keep the Home Mini-Firewalls Burning 


Few companies would consider attaching their corporate World- 
Wide Web sites to the Internet without first setting up firewalls for 
protection. Yet most companies feel perfectly comfortable leaving 
their internal web sites unprotected. Most companies seem to be 
under the impression that they are safe within their private net- 
works. After all, they have installed firewalls to protect themselves 
from what they perceive as the real threat: attacks from outsiders. 
However, this perception is far from the truth. 

The truth is that you would be better off leaving your Internet 
connections unprotected than leaving your internal web sites un- 
protected. According to the International Computer Security As- 
sociation (ICSA), more than 80 percent of all security breaches 
involving someone gaining unauthorized access to information 
occur inside of firewall-protected borders. (See Firewall Buyer’s 
Guide at http://www.icsa.net.) 

The implication of this statistic is quite clear: You really need to 
protect your internal web sites. You need to set up mini-firewalls to 
protect your internal borders. BorderManager 3.0 is well-suited for 
the job of protecting internal borders. 


WRAP YOUR INTERNAL WEB SERVERS 

Novell recommends that you use BorderManager 3.0 as a 
“security wrapper” around your internal web servers. One way to 
create a security wrapper would be to place your internal web ser- 
vers on a separate network segment and install a BorderManager 
3.0 server in front of that segment. All traffic to and from those 
web servers would filter through the BorderManager 3.0 server. 

To control access to the web servers, you could use the Bor- 
derManager snap-in module for the NetWare Administrator 
(NWADMIN) utility. Using this utility, you could grant users the 
necessary rights to access information on particular web servers. 
You could grant rights to Organization, Organizational Unit, 
Group, or User objects. Then only users to whom you had granted 
explicit rights could access the information on those web servers. 

Using BorderManager 3.0 to protect your company’s internal 
web servers enables you to make better use of those servers. You 
would no longer be limited to posting only information that anyone 
could access. Instead, you could post information that only certain 
users should access. 

For example, you could post sensitive information such as de- 
signs for next year’s products, payroll information, or your com- 
pany’s financial reports. You could post anything because using 
BorderManager ensures that the information you post is secure. 


LEAVE IT TO NOVELL DIRECTORY SERVICES 

In addition, by using BorderManager to control users’ access to 
your internal web servers, you ensure that users lose rights to ac- 
cess those web servers the moment their Novell Directory Services 


application-level gateways, see “Great 
Walls of Fire,” NetWare Connection.) 
All versions of BorderManager in- 
clude the HTTP proxy to provide this 
degree of control. However, only Bor- 


derManager 3.0 offers the transparent 
HTTP proxy. 
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In previous versions of BorderMan- 
ager, you had to configure each worksta- 
tion’s web browser to ensure those web 
browsers used the HTTP proxy. In con- 
trast, the transparent HTTP proxy in- 
cluded in BorderManager 3.0 allows web 
browsers to use the HTTP proxy without 


(NDS) accounts are disabled. For example, suppose your company 
had several web servers, which were installed on a separate net- 
work segment. Also suppose you were front-ending that) network 
segment with a BorderManager 3.0 server. If an employee were 
fired, you could simply disable this employee's Novell Directory 
Services (NDS) account, and he or she would immediately lose 
access to the BorderManager server and, therefore, to the pro- 
tected network segment. 


SUPPLY THE SPEED YOUR USERS NEED | 

If you use BorderManager to front-end your web servers, you 
can do more than secure access to those servers. You can also 
accelerate access to those web servers. For example, during a 
keynote address at BrainShare ’98 in Salt Lake City, Drew Major, 
Novell’s chief scientist and vice president of advanced develop- 
ment, invited Kent Anderson, director of Novell IS&T, on stage to 
explain how Novell uses BorderManager. | 

Anderson first discussed how Novell uses BorderManager to 
accelerate access at the company’s Internet border. Anderson 
claimed that during the seven months preceding BrainShare ‘98, 
Novell had experienced a 400 percent increase in Internet web 
traffic. According to Anderson, the BorderManager servers that 
Novell had installed had easily handled this increase. 

In addition, Anderson explained that Novell had enabled re- 
verse caching on the BorderManager servers. By having Border- 
Manager servers store information external users requested from 
internal web servers in cache, Novell hoped to reduce actual traffic 
on the internal web servers. 

In fact, Anderson said, the BorderManager servers radieed the 
actual traffic on Novell web servers by 80 percent. “And do you 
know what that means?” Anderson asked Major. “| have saved 
internally over U.S. $200,000 in hardware upgrades because I’m 
still able 9 use the same web servers | bought over a year anda 
half ago.” | 

custel cin Major was understandably impressed with Ander- 
son's report on how Novell was using BorderManager to protect 
and improve performance at external borders, he was more inter- 
ested in hearing about how Novell was using BorderManager to 
protect internal borders. Anderson explained that Novell essen- 
tially used BorderManager on internal borders in the same way it 
used BorderManager on external borders—that is, to secure and 
accelerate access. 

Novell has a cluster of internal web servers collectively called 
InnerWeb. Novell front-ends InnerWeb with several BorderManager 
servers, which according to Anderson, has reduced actual traffic on 
InnerWeb by 50 to 60 percent. In addition, Anderson explained, 
“By using BorderManager in front of our web servers, I’m able to 
post really confidential information out there.” Posting confidential 
information is now possible because that information is safe behind 


the BorderManager firewall on the internal border. @ | 


requiring you to configure these browsers 
on individual workstations. You don’t 
have to configure web browsers on work- 
stations running Novell’s 32-bit client 
software, and you don’t have to configure 
web browsers on workstations that are 
not running this client software. 


All Internet-bound traffic from work- 
stations running Novell’s 32-bit client 
software flows through the BorderMan- 
ager server. When the TCP/IP stack on 
the BorderManager server receives this 
traffic and finds that it is bound for port 
80 (the port HTTP services typically use), 
the TCP/IP stack redirects that traffic to 
the HTTP proxy on the same server. 

For workstations that are not running 
Novell’s 32-bit client software, you do 
have to do some configuring—but not on 
hundreds of individual workstations. In- 
stead, you configure your internal router 
or switch to direct all Internet-bound 
traffic from workstations that are not 
running Novell's 32-bit client software to 
the BorderManager server. By doing so, 
you ensure that users at these worksta- 
tions who try to access HTTP services do 
so “transparently.” The internal router or 
switch routes HTTP traffic from these 
workstations to the BorderManager ser- 
ver. In addition, when the TCP/IP stack 
on the BorderManager server receives 
traffic bound for port 80 from worksta- 
tions not running the 32-bit client soft- 
ware, the TCP/IP stack redirects that 
traffic to the HTTP proxy. 


More Proxies, More Security, 
More Control 

The bad news is you must configure 
applications on individual workstations 
to use the other proxies available in 
BorderManager 3.0. Which brings us to 
the good news: BorderManager 3.0 in- 
cludes seven new application proxies, in 


addition to the HTTP proxy: 


e An FIP proxy 

e An SMTP/Post Office Protocol 3 
(POP3) proxy 

e A Network News Transfer Protocol 
(NNTP) proxy 

e A Domain Naming System (DNS) 
proxy 

e A Real Audio/Real Video proxy 

e A generic TCP proxy 

e A generic User Datagram Protocol 
(UDP) proxy 


The generic TCP proxy and the 
generic UDP proxy allow you to create 
your own proxies for any TCP or UDP 
applications for which BorderManager 
3.0 does not yet provide a specific proxy. 
These generic application proxies enable 
you to route applications through the 
BorderManager 3.0 server, so you don’t 


have to configure packet filters for these 
applications. For example, you might 
want to create a proxy for the Telnet 
server on your company’s network. (See 
Figure 2 on p. 12.) 

As with all proxies, a proxy for this 
Telnet server would ensure that there 
was never direct communication be- 
tween Telnet clients and the Telnet ser- 
ver. Telnet clients would communicate 


only with the BorderManager server, 
and the Telnet proxy on that server 
would relay messages between the Tel- 
net clients and the Telnet server. Al- 
though Telnet clients would be commu- 
nicating through the Telnet proxy, it 
would appear to these clients that they 
were communicating directly with the 
Telnet server. That’s the beauty of appli- 
cation proxies. 
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Figure 3. You can use the snap-in module for the NWADMIN utility to control users’ 


access to application proxies. 


You can configure specific access 
controls for each of the new application 
proxies included in BorderManager 3.0. 
Naturally, all of the access controls pre- 
viously available for the HTTP proxy 
are still available in BorderManager 3.0. 
(See Figure 3.) You can control users’ 
access to the application proxies (in- 
cluding the proxies you create using the 
generic TCP or UDP proxy) based on 
one or all of the following options: 


° Days of the week 

¢ Times of the day 

e Source information, which can be 
NDS objects, DNS host names, host 
addresses, or subnet addresses 


e Destination addresses, which can be 
specific URLs 


In addition, for many of the new ap- 
plication proxies, including the SMTP/ 
POP3 proxy and the NNTP proxy, you 
can configure specific access controls. For 
example, for the SMPT/POP3 proxy, you 
can screen packets based on the source or 
destination e-mail username or domain 
name. And for the NNTP proxy, you can 
screen packets based on the name of the 
destination news group. 


INTERFACE LIFT 

[ have already mentioned several of 
the management conveniences provided 
by BorderManager 3.0: the support for 
WINSOCK 2.0, which eliminates the 
need to replace the WINSOCK software 
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on Windows clients; the transparent 
HTTP proxy, which eliminates the need 
to configure web browsers on individual 
workstations; and the BorderManager 
snap-in module for the NWADMIN util- 
ity, which you can use to manage most 
BorderManager features (including proto- 
col gateways, application proxies, and 
access control rules). 

In previous versions of BorderMan- 
ager, you had to run the BorderManager 
snap-in module for the NWADMIN 
utility on a Windows 95 workstation. 
Support for Windows 98 and Windows 
NT was available, but only as a patch. 
The snap-in module for BorderManager 
3.0, however, supports Windows NT, 
Windows 98, and Windows 95 out of 
the box, so you can use whichever plat- 
form you prefer. 

As you might expect, Novell has 
changed the screens in the snap-in mod- 
ule for BorderManager 3.0, primarily to 
accommodate new BorderManager fea- 
tures. For example, in previous versions 
of BorderManager, you were able to ac- 
cess all of the screens that would enable 
you to perform management tasks by 
clicking the Setup button from the De- 
tails page for the BorderManager Server 
object. In BorderManager 3.0, the Bor- 
derManager Server object offers two new 
details, in addition to the BorderMan- 
ager Setup detail: 


¢ BorderManager Alert, which you use 
to enable alerts 


¢ BorderManager Access Rules, which 
you use to come all outgoing rules 


The BorderManager Alert detail is 
entirely new to BorderManager 3.0. The 
BorderManager Setup detail and the 
BorderManager Access Rules detail are 
modified versions of screens you have 
seen before. | 

Novell also enhanced the logs in 
BorderManager 3.0. In previous versions 
of BorderManager, you could view ser- 
vice logs only through the NWADMIN 
utility, and you could not print these 
logs. The only exceptions to these re- 
strictions were the logs for the HTTP 
proxy. BorderManager 3.0, on the other 
hand, allows you to export all log files to 
a text file, which you can then import 
into a spreadsheet or word- -processing 
application to view and print, 

You can combine these log files 
into one text file, or you can create a 
separate text file for each service. And 
if you are using the HTTP accelerator 
for multiple web sites, you can create a 
separate text file for each web site. For 
example, an Internet service provider 
(ISP) hosting multiple web sites could 
provide each customer with a custom- 
ized log. 

To create reports that are even easier 
to read, you can import the log text files 
into WebTrends, a log analysis tool from 
WebTrends Corp. WebTrends produces 
graphical reports and charts. 

BorderManager 3.0 includes another 
more noticeable, interface-related change 
as well: BorderManager 3.0 offers a new 
Java-based GUI installation utility. This 
wizard-driven utility is similar to the 
Java-based GUI installation utility ship- 
ping with NetWare 5. (For more infor- 
mation about the Java-based GUI instal- 
lation utility, see “Installing NetWare 5 
With a Graphical Utility,” NetWare Con- 
nection, Sept. 1998, pp. 12-19. You can 
download this article from http://www. 
nwconnection.com/sep.98/install98.) 
This fact should come as no surprise 
to you, once you learn that NetWare 5 
is the default operating system for Bor- 
derManager 3.0. BorderManager 3.0 
even includes a two-user version of 
NetWare 5. 

The user-friendly ‘aeniisehe utility 
included with BorderManager 3.0 was 
designed to make installation easy—even 
for users who have never installed a 
Novell product. “What we're trying to 


accomplish with this new GUI installa- 
tion utility,” explains Simon Kandah, a 
product marketing manager at Novell, “is 
to leave users with an up-and-running 
BorderManager server with a default 
configuration by the end of the instal- 
lation process.” In previous versions of 
BorderManager, even after you installed 
the software, you had to perform a couple 
of extra steps before the BorderManager 
server was up and running. 


SINGLE SIGN-ON 

In addition to its interface lift, Border- 
Manager 3.0 offers a few other manage- 
ment enhancements that will probably 
make your life—and users’ lives—easier. 
For example, in previous versions of 
BorderManager, users who attempted to 
access a web site through the HTTP 
proxy had to log in to this proxy using a 
unique username and password, rather 
than their NDS username and password. 
The username and password users entered 
to authenticate to the HTTP proxy had 
to be different than their NDS username 
and password because the authentication 
information was sent over the wire in 
clear text. As a result, someone could 
potentially discover usernames and pass- 
words and compromise security for the 
entire network. 

With BorderManager 3.0, users at 
workstations running Novell’s 32-bit 
client software do not need to log in to 
the HTTP proxy at all. These users log 
in just once to NDS, which provides the 
background check necessary to enable 
authentication to the HTTP proxy. 

So what about users at workstations 
that are not running Novell’s 32-bit 
client software, such as users at UNIX 
and Macintosh workstations? Admit- 
tedly, these users have to log in to the 
HTTP proxy. But the good news is, users 
at such workstations can use their NDS 
username and password to authenticate 
to the HTTP proxy. 


Get Your SOCKS On! 

Users at workstations that are not run- 
ning Novell’s 32-bit client software can 
use their NDS username and password 
to authenticate to the HTTP proxy for 
two reasons: BorderManager 3.0 supports 
SOCKS versions 4 and 5, and Border- 
Manager 3.0 supports a number of authen- 
tication methods, including real NDS 
authentication and authentication using 
the Secure Sockets Layer (SSL) protocol. 


(With real NDS authentication, pass- 
words never cross the wire.) 

SOCKS is a security mechanism that 
enables a server inside a firewall to 
access resources outside that firewall 
while maintaining the internal server’s 
security requirements. SSL, a protocol 
designed by Netscape Communications, 
provides for encrypted, authenticated 
communications across intranets and 


Novell, 


the Internet and between servers and 
web browsers. 

If you want to enable users at worksta- 
tions that are not running Novell’s 32-bit 
client software to authenticate to the 
HTTP proxy using their NDS username 
and password, you must configure the 
BorderManager server as a SOCKS server 
to which SOCKS clients can then con- 
nect. Naturally, these workstations must be 
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running SOCKS client software. SOCKS 
client software is available for UNIX and 
Macintosh, but this client software is not 
included with BorderManager 3.0. 

To configure a BorderManager server as 
a SOCKS server, you choose the Gateway 
tab from the BorderManager Setup detail 
and, from the Gateway window, double- 
click the SOCKS V4 and V5 button. The 
next window that appears allows you to 
configure the BorderManager server as 
a SOCKS server. For example, you can 
specify the authentication method you 
want users to use when accessing the Bor- 
derManager server. You can select the fol- 
lowing authentication options: 


¢ No authentication required, and data 
in clear text 

¢ No authentication required, but data 
encrypted using SSL 

¢ Authentication required (using NDS 
username and password), and data in 
clear text 

e Authentication required (using NDS 
username and password), and data en- 
crypted using SSL 
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e Real NDS authentication, and data in 
clear text 

© Real NDS authentication, and data 
encrypted using SSL 


You can also configure a BorderMan- 
ager server as a SOCKS client. You can 
then use BorderManager 3.0 inside a 
space protected by a SOCKS-compliant 
firewall, thereby preserving your com- 
pany’s investment in its existing firewall. 

To configure a BorderManager server 
as a SOCKS client, you would click the 
SOCKS Client button shown on both 
the Acceleration tab and the Application 
Proxies tab in the BorderManager Setup 
detail. The SOCKS Client window al- 
lows you to specify the address of the 
SOCKS server to which you want the 
BorderManager server to authenticate. 

For example, suppose that you were 
using BorderManager 3.0 to protect an 
internal border between your company’s 
network and the web server for the hu- 
man resources department. Also suppose 
that you had already installed a third- 
party, SOCKS-compliant firewall on the 
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border between your company’s network 
and the Internet. If you wanted users in 
the human resources department to use 
BorderManager 3.0 services to access the 
Internet (including an application proxy 
or the Novell IP gateway), these users 
could do so only if the BorderManager 
server could authenticate to the firewall. 

To ensure that the BorderManager ser- 
ver could authenticate to the firewall, you 
would configure the BorderManager ser- 
ver on the internal border as a SOCKS 
client. You would then specify the fire- 
wall’s IP address as the SOCKS server to 
which you wanted the BorderManager 
server (configured as a SOCKS client) to 
authenticate. Thereafter, Internet requests 
from users in the human resources depart- 
ment would pass through the BorderMan- 
ager server, which would forward these 
requests to the firewall. 


THERE’S MORE WHERE THAT 
CAME FROM | 

Although this article discusses sev- 
eral of the new features available in 
BorderManager 3.0, it does not discuss 
all of them. There are more where these 
features came from, but you'll have to 
check out BorderManager 3.0 for your- 
self to discover every one. For example, 
the site-to-site virtual private network 
(VPN) included with BorderManager 
3.0 now supports the IP Security 
(IPSec) protocol and the Simple Key 
Management for Internet Protocol 
(SKIP). (For more information about 
VPNs and about IPSec and SKIP, see 
“Virtual Private Networks: Making a 
Public Network Private,” NetWare Con- 
nection, February 1998, pp. 6-21. You 
can download this article from http:// 
www.nwconnection.com/feb.98/vpn28.) 

Novell chose to support these emerg- 
ing industry standards to increase the 
potential for interoperability between 
the BorderManager VPN and other 
VPNs that also support IPSec and SKIP. 
Of course, at this stage, no VPN vendor 
can guarantee interoperability. A. E. 
Natarajan, engineering manager for 
Novell’s BorderManager group, points 
out that while support for IPSec and 
SKIP ensures interoperability on the 
wire, it Cannot guarantee interoper- 
ability between VPN configurations. 
The Internet Engineering Task Force 
(IETF), Natarajan says, is still working 
to resolve problems related to interop- 
erability between VPN configurations. 
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Take Your Work Home—Or Wherever 


BorderManager 3.0 includes Virtual Private Network (VPN) 
services, which allow you to establish site-to-site tunnels between 
servers. To extend these VPN services, you can now purchase a 
Client VPN. This client-server software enables dial-up users to 
establish secure VPN tunnels from Windows 95 or Windows 98 
clients to BorderManager 3.0 servers. 

Using this secure client-to-site VPN tunnel, remote users 
can access other servers on the network to which the Border- 
Manager 3.0 server is connected. In fact, users can access all 
of the network resources to which they have rights. In other 
words, once users have established a tunnel, they will feel right 
at home, or rather, right at work—just as if they were using their 
own workstation at the corporate office. 


DOUBLE-CLICK YOUR WAY TO THE OFFICE 

Novell designed the Client VPN software with ease-of- 
installation in mind. Novell ships the Client VPN software on 
CD-ROM. Users simply run the SETUPDOC.EXE file from the 
CD-ROM, and this file installs the Client VPN software. During 
this installation process, the SETUPDOC.EXE file also creates 
a Client VPN icon on the users’ desktop. 

To establish a secure tunnel with a BorderManager 3.0 server, 
users double-click the Client VPN icon. The first time users use 
the Client VPN software, they are prompted to enter a dial-up 
username and password for their Internet Service Provider (ISP) 
account. After entering this username and password, users are 
prompted to enter their Novell Directory Services (NDS) username 
and password. 

This NDS authentication is identical to the NDS authentication 
that occurs on a local network, with one exception: The exchange 
of authentication information between a BorderManager 3.0 ser- 
ver and the Client VPN software occurs over Transmission Core 
Protocol (TCP) rather than over NetWare Core Protocol (NCP). 

After this initial login, the Client VPN software provides a single 
sign-on. That is, after users have entered their dial-up username 
and password once—and only once—the BorderManager 3.0 ser- 
ver stores this information in NDS. The next time users attempt to 
login to the network by way of the Client VPN software, they need 
to enter only their NDS username and password. Users can then 
attach to the Internet (by way of their ISP) and authenticate to the 
remote NetWare network. 


| 
ENCRYPTION IS THE KEY | 

Once a user has been securely authenticated to NDS, the 
Client VPN software retrieves its private Rivest-Shamir-Edleman 
Algorithm (RSA) key. Ultimately, both the BorderManager 3.0 
server and the Client VPN software have their private and pub- 
lic RSA key pair, which enables the client and the server to se- 
curely exchange Diffie-Hellman values. (Diffie-Hellman isa 
cryptographic algorithm.) 

The Client VPN software uses the Diffie-Hellman values to 
generate Diffie-Hellman public and private keys, which the Client 
VPN software and the BorderManager 3.0 server then use to se- 
curely exchange RC2 keys. The Client VPN supports both A0-bit 
and 128-bit RC2 keys, which the client and server use to encrypt 
and decrypt data. 

This process of establishing a secure session between 
the Client VPN software and a BorderManager 3.0 server 
occurs in just seconds. In fact, in a keynote address at Brain- 
Share ‘98 in Salt Lake City, Drew Major, Novell’s chief scientist 
and vice president of advanced development, demonstrated 
the Client VPN software on stage. Drew logged in to the Novell 
corporate network and established a secure session within sec- 
onds. (You can view Major's keynote address at http://www. 
novell.com/webcast/98/bs98/index.htm/#major. The Client 
VPN software demonstration begins about 24 minutes into 
Mgjor’s address.) | 


A CLIENT VPN UNLIKE ANY OTHER | 
The Client VPN software for BorderManager 3.0 ater two 


features not available with other Client VPN solutions: 


¢ NDS integration 
¢ Selective encryption | 

| 

NDS Integration. Because the Client VPN software is fully 

integrated with NDS, you can control which User objects can use 
this software to log in to the BorderManager 3.0 server, Using 
the BorderManager 3.0 snap-in for the NetWare Administrator 
(NWADMIN) utility, you open the BorderManager Access Control 
detail to grant access control rights for the Client VPN software. 
You can grant an Organization object, an Organizational Unit 
object, a Group object, or a User object rights to access the net- 
work by way of the Client VPN software. 


—continued on page 21 


Novell also offers several value-added 
services for BorderManager 3.0, includ- 
ing BorderManager Authentication Ser- 
vices and the new client VPN services. 
(For more information about client VPN 
services, see “Take Your Work Home— 
or Wherever.”) 

The number of features in Border- 
Manager—even before BorderManager 
3.0—prompted Network Magazine to 
name it the Product of the Year for 
1998 in the Proxy Server category. (See 
“1998 Products of the Year,” Network 
Magazine, Apr. 1998. You can also 
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download this article from http://www. 
networkmagazine.com/magazine/archive/ 
1998/04/9804poy.htm. To access this 
issue, however, you must complete an 
online membership form.) 

Interestingly, Network Magazine admits 
that the label proxy server is essentially 
“obsolete. Novell has taken this product 
niche,” the article explains, “and gone 
many levels above what anyone else is 
doing.” The article goes on to say that 
BorderManager FastCache is only the 
beginning of Novell’s offering and then 
devotes a paragraph to listing a few, but 


certainly not all, of BorderManager’s other 
features—for example, NAT, firewall 
security features, and VPN capabilities. 
The new features available in Border- 
Manager 3.0 further extend this list. In 
fact, next year, Network Magazine will 
probably need more than a paragraph to 
list all of the features available in Border- 
Manager 3.0. 

Linda Boyer is a frequent contributor to 
NetWare Connection. She works for Niche 
Associates, an agency that specializes in writ- 
ing and editing technical documents. Niche 
Associates is located in Sandy, Utah. e 


—continued from page 20 


For example, suppose you set up a BorderManager 3.0 server 
for the marketing department and you wanted only users in this 
department to access the network by way of the Client VPN soft- 
ware. In this case, you could create a Group object for the market- 
ing users and grant Client VPN rights only to that Group object. 

Selective Encryption. Selective encryption enables you to 
specify the BorderManager 3.0 servers with which you want the 
Client VPN software to exchange encrypted data. With selective 
encryption, the Client VPN software doesn’t have to encrypt data 
when exchanging data with other Internet servers. The Client VPN 
software encrypts data only when exchanging data with the Bor- 
derManager 3.0 servers you specify. 

In contrast, when you use other Client VPN solutions, such 
as solutions that rely on the Point-to-Point Tunneling Protocol 
(PPTP), all data is encrypted, regardless of the server with which 
the client is exchanging data. As you might suspect, encrypting 
all data is far less efficient than encrypting only data that needs 
to be encrypted. 

As with the NDS access control rights (and, in fact, all config- 
uration options), selective encryption is configured at the Border- 
Manager 3.0 server. To configure selective encryption, you use 
the BorderManager 3.0 snap-in module for the NWADMIN util- 
ity to create what is called a protected network list. In the pro- 
tected network list, you type only the IP addresses of the servers 


with which you want the Client VPN software to exchange en- 
crypted data. The Client VPN software will not encrypt data 
when exchanging information with servers that are not on the 
protected network list. 

For example, suppose a client were using the Client VPN 
software to connect to a BorderManager 3.0 server at Novell. 
Although the client was accessing the Novell network through 
the Client VPN software, the client would actually connect to the 
Internet through an ISP. Thus, the client would not necessarily 
communicate only with Novell servers. The client might also 
access the Internet and browse World-Wide Web sites. 

If the client accessed http://www.cnn.com, the information 
exchanged between the CNN server and the client would ob- 
viously not need to be encrypted. Only when the client was 
accessing Novell servers by way of a BorderManager 3.0 server 
would the data exchanged between the client and the server 
need to be encrypted. To ensure that data is encrypted only 
when exchanged between BorderManager 3.0 servers and a 
client accessing those servers via the Client VPN software, you 
would create a protected network list that contained the IP 
addresses for the BorderManager 3.0 servers. 

The Client VPN software, like the BorderManager 3.0 site-to- 
site VPN, supports both IP and IPX traffic. One BorderManager 
3.0 server can support up to 1,000 Client VPN connections 
using IP and up to 250 Client VPN connections using IPX. @ 
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NDS and 
Z.E.N.works 


Creating Transparent, Easily 
Managed Networks 


Editor’s Note: Does your company need Novell Directory Services 
(NDS)? Or is your company using NDS to its full potential? Over the 
next year, the Novell Certified Professional section will be focusing on 
NDS, explaining how you can use NDS today to better manage ‘your 
company’s network. The Novell Certified Professional section will fea- 
ture NDS-enabled products (such as Novell’s Z.E.N.works) , how-to 
articles, and tips and tricks. 


D: you dream of a network that is so easy to use it is invisible 

to the user and practically manages itself? In May, Novell be- 
gan shipping Zero Effort Networks (Z.E.N.works), bringing these 
dreams closer to reality. Z.E.N.works is a desktop management tool 
that works with Novell Directory Services (NDS) to make the net- 
work transparent to users and easier to manage. 


NDS PROVIDES THE FRAMEWORK 

Although a completely transparent, self-managing network 
may seem impossible, Novell has made strides toward this goal 
with NDS. NDS provides a framework that integrates all network 
components, including users, computers, printers, modems, fax 
devices, applications, and operating systems. Because NDS inte- 
grates these components, you can access and manage all network 
devices from any workstation on the network. And no matter 
which workstation a user uses to access the network, NDS pro- 
vides a consistent view of all available resources. 

Z.E.N.works simplifies access and management of network re- 
sources even more by extending NDS to include information that 
is normally stored on Windows NT, Windows 95, or Windows 3.x 
workstations. For example, Z.E.N.works uses NDS to store informa- 
tion such as applications, printers, and the appearance of the desk- 
top. With NDS and Z.E.N.works, users see a familiar environment, 
whether they log in from their own workstation, a workstation 
down the hall, or a workstation halfway around the world. 

Z.E.N.works and NDS save you time because they eliminate 
the need to manually configure each workstation on the network. 
If you need to troubleshoot a workstation, NDS and Z.E.N.works 
allow you to view user and workstation information and to re- 
motely control the workstation—all without leaving your desk. 


ZERO EFFORT NETWORKS 


If you are like most network administrators, you spend count- 
less hours walking to workstations to install new applications, to 
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troubleshoot problems, and to perform routine maintenance. 
Manually performing these tasks not only increases management 
costs but has a significant impact on users’ productivity. Users 
sometimes have to wait days or even weeks to get applications 
installed or their workstation problems fixed. | 

Z.E.N.works solves these problems by providing you with tools 
that reduce the amount of workstation support required on a net- 
work. Users can then concentrate on their productivity without 
becoming computer experts. 

ZEN. works includes the following components: application 
management and distribution, desktop management, and 
desktop maintenance. 


Application Management and Distribution 

Z.E.N.works includes the Application Launcher, the applica- 
tion management and distribution software formerly called the 
Novell Application Launcher (NAL). The Application Launcher 
works with NDS, allowing you to centrally manage, upgrade, and 
even distribute applications across your company’s network. 

Using the Application Launcher, you can dynamically update 
users’ desktops when new applications become available, you can 
modify registry or INI settings, and you can even provide applica- 
tion load balancing and fault tolerance. You can also use the Ap- 
plication Launcher to handle installation-related questions or 
problems that may occur months later. You can perform all of 
these tasks, without leaving your workstation. 


Fool-Proof Access to Applications | 

The Application Launcher insulates users from the complexities 
of the network. When you install the Application Launcher on 
users’ workstations, the Application Launcher icon appears on the 
desktops. If users double-click this icon, the Applicaton Launcher 


window appears, displaying the icons for 
the applications with which a user is asso- 
ciated. (To give users the necessary rights to 
run applications, you associate users with 
these applications.) The definitions for 
these applications are stored in NDS. 
When a user launches an application, 
the Application Launcher performs all of 
the tasks necessary to run the application: 
For example, the Application Launcher 
connects to required resources (such as net- 
work drives and printers), “pushes” down 
any components needed on the worksta- 
tion, and updates registry settings. Because 
the applications are delivered through NDS 
and are associated with particular User 
objects, a user sees the same set of applica- 
tions, regardless of the workstation from 
which the user logs in to the network. 


Application Objects 

Using the NetWare Administrator 
(NWADMIN) utility, you can create Ap- 
plication objects to define applications in 
the NDS tree. Each Application object 
contains the information needed to run an 
application (such as the directory path to 
the executable file and registry settings). 

The Application object also specifies 
which users can run the application. You 
can associate Application objects with 
User objects, Group objects, or container 
objects. Applications defined in NDS are 
dynamically delivered to users’ desktops, 
and any changes made to an existing Ap- 
plication object are automatically refreshed 
on the users’ desktop. 

You can create Application objects for 
many purposes—all of which eliminate the 
need to visit each workstation to install 
applications. For example, you can create 
Application objects to do the following: 


© Provide access to network-based applica- 
tions (dynamically delivering icons to 
the desktop) 

e Install or upgrade workstation-based 
applications 

@ Install or upgrade Novell client software 

¢ Upgrade desktop operating systems 


If you are creating an Application object 
to install a complex application, you can 
use the snAppShot utility to simplify the 
installation process. The snAppShot utility 
keeps track of the files that the setup pro- 
gram installs on the workstation, copies 
these files, and stores them for use when 
installing the application. The snAppShot 
utility also uses special files to record infor- 
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mation about the changes an application’s 
setup program makes to the workstation’s 
configuration. The snAppShot utility stores 
this information as either an Application 
Object Template (AOT) or an Applica- 
tion Object Text Template (.AXT). 
An.AOT file is written in binary for- 
mat and cannot be modified. An .AXT 
file is written in text format and can be 
viewed or modified with a text editor. The 
.AXT file takes longer to import into an 


Application object and is prone to inac- 
curacies if you do not follow certain .AXT 
file format standards. 

After the snAppShot utility records 
this information, you can use the .AOT or 
.AXT file to create and configure an Ap- 
plication object. Then when a user launch- 
es the application from his or her worksta- 
tion, Z.E.N.works installs the application 
with the configuration that is recorded in 


the .AOT or .AXT file. 


Your Pathway to Successful 


CNE, CNA & MCSE Certification 


he Clarke Tests” v4.0 


for Novell IntranetWare CNE 


- Written by best-selling CNE author David James Clarke, IV 


+ Covers ALL NEW intranet CNE curriculum, including Course 540 for 
continuing CNEs 


- Includes NEW graphical exhibits and simulation-type questions 


Special 6 
Price: | 9g U.S. (S219 retail) 


plus shipping 


OR/Special CNE Study Kit, includes 2 
study guides* (2,500 pages), The Clarke Tests v4.0 
and a license for IntranetWare-—only $269 plus shipping 


*Novell’s CNE Study Guide for IntranetWare/ NetWare 4.11 and 
Novell’s CNE Study Guide for Core Technologies 


Call LearningWare Today! (800) 681-8858 or (801) 465-4753 
Or Surf the Web - www.learning-ware.com 


Aas invented a 
Ww approach to 
ve learning: Skills 
sment and Skills Testing. 
, you learn the course 
material through interactive 
skills assessment study ses- 
sions. Then, when you feel 
ready, you test your compre- 
hension with adaptive and 
simulation-based final exams. 


The Edge Tests” v1.0 


for Microsoft MCSE 


- Written by #1 best-selling MCSE author James Chellis and the “Edge” team 


- Covers the 4 MCSE core requirments for Windows NT 4.0, including Networking 
Essentials, NT Workstation, NT Server and NT Server in the Enterprise 


“| could have sworn | was taking the real MCSE exams. After acing 
The Edge Tests, the certification was a breeze!” —George Williams 


special $369 


OR/Special MCSE Study Kit, 
includes 4 study guides* (3,200 pages) and 
The Edge Tests v1.0—only $469 plus shipping 


*MCSE: Networking Essentials Study Guide; MCSE: Workstation Study Guide; 
MCSE NT Server Study Guide; MCSE: NT Server Enterprise Study Guide 


(second editions) 
LearningWare 


U.S. ($4.49 retail) 
plus shipping 


For more information, visit http://advertise.nwconnection.com. 


\ 


But én we stillsdance 


cy 


with thé@nes that Drought us? 


£OMPAG 


Resellers are how we got here. Resellers will share our success. Period. With increasec 


that offers every kind of customer every kind of solution, a Compagq that values 


Better answers: 


mputer Corporation. 


B 
8 
= 
2 
S 
= 
5 
8 
S 
= 
{= 
5 
a 
Fa 
s 
8 
s 
2 
2 
é 
B 
5 
5 
b= 4 
S 
3 
3 
£ 
& 
= 
5 
2 
5 
3 
S 
2 
S 
2 
5 
# 
3 
2 
= 
4a 
= 
3 
Es 
8 
2 
& 
s 
s 
Z 
Ee 
i= 
s 
8 
cs 
3 
Fa 
§ 
3 
2 
2 
2 
= 
2 
Es 
¢ 
G 
s 
Fe 
5 
= 
§ 
& 
5 
2 
el 
i= 
5 
8 
s 
Es 
g 
& 
5 
3 
8 


teamwork, and resellers, more than ever. For more answers, better answers, reach us at www.compag.com/dance. 


For more information, visit http://advertise.nwconnection.com. 


Policy Package Objects 


Policy Package Object 
Container 
Windows 3.1x User Object 


Windows 3.1x Workstation Object 


Windows 95 User Object 


Windows 95 Workstation Object 


Windows NT User Package Object 


Windows NT Workstation Object 


Intelligent Application Launching 

Because some companies have so many 
users who need to access the same appli- 
cations, these companies have multiple 
servers to handle the workload. Without 
Z.E.N.works, providing application load- 
balancing across these servers requires two 
steps: You must first organize the users into 
separate groups. You must then create sep- 
arate scripts for each group or place an 
icon on each workstation to point to the 
correct application server. 

This solution is time consuming and 
labor intensive. Wouldn’t it be nice if you 
could create an icon that pointed to all of 
the application servers and automatically 
selected which server would run the appli- 
cation? The Application Launcher pro- 
vides this automatic load-balancing. 

To set up automatic load-balancing 
for an application, you launch the NWAD- 
MIN utility and access the Application De- 
tails page for the appropriate Application 
object. You then open the Fault Tolerance 
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Policies 
Search Policy 


Help Desk Policy 
Remote Control Policy 
Workstation Import Policy 


3.1x Computer System Policy 
Remote Control Policy 


95 Desktop Preferences 
95 User System Policies 
Help Desk Policy 

Remote Control Policy 
Workstation Import Policy 


95 Computer Printer 

95 Computer System Policies 
RAS Configuration 

Novell Client Configuration 
Remote Control Policy 
Restrict Login Policy 
Workstation Inventory 


Dynamic Local User Policy 
Help Desk Policy 

NT Desktop Preferences 
NT User Printer 

NT User System Policies 
Remote Control Policy 
Workstation Import Policy 


Novell Client Configuration 
NT Computer Printer 

NT Computer System 
Remote Control Policy 
Restrict Login 

Workstation Inventory @ 


page, enable the load-balancing check box, 
and add the directory path to the applica- 
tion servers you want to load balance. The 
Application Launcher will automatically 
handle load-balancing for this application. 

The Application Launcher also pro- 
vides fault tolerance for applications. For 
example, if your company had multiple 
servers, you could select an application to 
which you wanted to provide fault tolerant 
access and then install this application 
with the same configuration on any or 
all servers. You would then launch the 
NWADMIN utility and access the Appli- 
cation Details page for the appropriate 
Application object. You would open the 
Fault Tolerance page, enable the Fault 
Tolerance check box, and add the direc- 
tory path to the servers on which you in- 
stalled the application. 

The Application Launcher would then 
automatically handle the fault tolerance 
for this application. When users selected 
the application, the Application Launcher 


would contact the primary server. If this 
server were not available, the Application 
Launcher would contact the next server in 
the list and continue this process until a 
server responded. 

You can also configure the Application 
Launcher to determine the nearest appli- 
cation. For example, suppose al user in the 
Atlanta office accessed Corel WordPerfect 
through the Application Launcher. If this 
user traveled to the San Francisco office, 
he or she could click the WordPerfect ap- 
plication icon in the Application Launch- 
er window. NDS would then transparently 
direct the workstation to access the appli- 
cation on the San Francisco server instead 
of accessing the application across the 
WAN link on the Atlanta server. In this 
way, the Application Launcher reduces 
WAN traffic and costs. 


Handling the Windows Registry 

The Application Launcher fully sup- 
ports the Windows registry. If you manually 
create an Application object, you can de- 
fine any registry changes you want to in- 
clude with the application. And as men- 
tioned earlier, if you use an .AOT or .AXT 
file to create an Application object, the 
snAppShot utility automatically records 
any registry changes made when the appli- 
cation is installed. 


Supporting Roaming Users 

The Application Launcher supports 
Windows profiles, which enable users to 
roam. But is supporting these profiles 
enough? No—because parts of the registry, 
such as HKEY_LOCAL_ MACHINE, are 
not included in the profile. 

To understand why supporting HKEY_ 
LOCAL_MACHINE is important, suppose 
a user accessed a network application 
through the Application Launcher. Also 
suppose this application required several 
components to be loaded on the worksta- 
tion. The first time the user selected the 
application, the Application Launcher 
would install the necessary components on 
the workstation and launch the applica- 
tion. The next time the user accessed the 
application from this workstation, the ap- 
plication would immediately launch—it 
would not need to be reinstalled, 

However, suppose the user logged in to 
the network from a different workstation. 
The user would see his or her familiar desk- 
top and the information stored in the Win- 
dows profile. If the user launched the same 
application from the Application Launcher, 


it would install the needed components 
on the new workstation before launching 
the application. 

When downloading applications to 
workstations, the Application Launcher 
stores application information in special 
keys in the HKEY_LOCAL_MACHINE 
part of the registry. Because this part of the 
registry does not move with the profile 
from workstation to workstation, the 
Application Launcher always knows when 
to download components to the worksta- 
tion. The Application Launcher simply 
checks the keys in the HKEY_LOCAL_ 
MACHINE part of the registry to deter- 
mine if the components have been down- 
loaded to the workstation. 


No Traffic Jams, Please 

Because the Application Launcher pro- 
vides so many time-saving features, it is 
easy to forget that installing a new appli- 
cation on hundreds of workstations at the 
same time causes congestion on networks 
and servers. Fortunately, the Application 
Launcher allows you to spread out the load 
over a period of time. For example, you 
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could specify that the Application Launch- 
er install an application over a week. 

You can also configure Z.E.N.works to 
automatically upgrade an application on all 
workstations over a period of time—with- 
out user intervention. When you config- 
ured the Application object, you would 


check the “Run Once” box and make the 
icon show up in the startup folder. 


DESKTOP MANAGEMENT 

Z.E.N.works also includes the tools you 
need to manage users’ desktops—again, 
without leaving your workstation. To pro- 
vide this central management, Z.E.N.works 
uses NDS to store the dependencies that 
are normally stored on the workstation. 
These dependencies include the following: 


e Desktop Preferences. Desktop prefer- 
ences are Windows NT and Windows 95 
Control Panel options that control the 
appearance of the desktop. These op- 
tions include Accessibility, Display, Key- 
board, Mouse, and Sound. 

e Printer Configurations. Z.E.N.works 
allows you to associate printers and print 


GEER For just $99 A MONTH 


The whole idea behind Internet e-mail is speed and sim- 
plicity. So why is it so complicated to get it up and run- 


ning in a network environment? 
With dotNet, it isn’t. 


yourname@yourcompany.com. 


And with dotNet, you won't have to beg. dotNet 


service starts at just $99 per month. 
The solution is simple. Call dotOne at 


MHS-based system. With seamless addresses too: 


drivers with workstations. With Win- 
dows NT, you can also associate printers 
and print drivers with NDS users. You 
can add or remove printers, select a 
default printer, and assign a print driver 
to each printer. You can also specify the 
settings for printers such as the number 
of copies to print. 
Novell Client Parameters. Z.E.N.works 
allows you to configure Novell Client 
parameters and to download these pa- 
rameters to multiple workstations. For 
Windows 95, you can configure param- 
eters such as Preferred Server, Preferred 
Tree, Protocols, and Services. For Win- 
dows NT, you can configure parameters 
such as Preferred Server, Preferred Tree, 
Workstation Manager, and NetWare/IP. 
e Remote Access Server (RAS) Config- 
urations. Z.E.N.works allows you to 
configure phone book entries for dial- 
up networking. Through NDS, you can 
select a dial-up number, or create, edit, 
or delete a dial-up entry. 


Because these dependencies are stored 
in NDS, you can make the changes once in 
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cut] 


Figure 1. To enable policies, you create a Policy Package Object in the NWADMIN utility. 


the NWADMIN utility and then allow 
NDS to deploy the configuration to the 
workstations you have specified. When a 
user logs in to the network, NDS and 
Z.E.N.works automatically configure the 
user’s workstation based on the parameters 
you have selected. 


Policy Packages 

Z.E.N.works stores workstation de- 
pendencies as individual policies in NDS. 
To simplify the management of these 
policies, Novell has grouped these policies 
into Policy Package objects, which you 
can associate with User, Group, or con- 
tainer objects. 

Z.E.N.works includes three types of 
Policy Package objects: container, user, 
and workstation. Because Z.E.N.works 
supports Windows NT, Windows 95, and 
Windows 3.1x, you can create Policy 
Package objects for a particular operating 
system. As a result, you can create seven 
Policy Package objects: 


© Container Package object 

¢ Windows 3.1x User Package object 

¢ Windows 3.1x Workstation Package 
object 

¢ Windows 95 User Package object 

¢ Windows 95 Workstation Package 
object 

¢ Windows NT User Package object 

¢ Windows NT Workstation Package 
object 


Each Policy Package object contains 
multiple policies that are customized for a 
specific operating system. (See “Policy 
Package Objects” on p. 28.) 
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Z.E.N.works policies are disabled by de- 
fault. To enable these policies, you must use 
the NWADMIN utility to create a Policy 
Package object. You can then enable a spe- 
cific policy by clicking the policy’s check 
box. (See Figure 1.) In order for the en- 
abled policies to take effect, you must asso- 
ciate the Policy Package object with a User, 
Group, or container object. 


Effective Policies 

Just as NDS has effective rights, 
Z.E.N.works has effective policies. Effec- 
tive policies are the sum of all enabled 
policies in all Policy Package objects that 
are associated either directly or indirectly 
with a particular object. 

Z.E.N.works leverages the hierarchical 
structure of NDS, allowing policies to flow 
down the NDS tree. For example, suppose 
you enabled the Restrict Login policy in a 
Workstation Policy Package object and you 
associated this object with a container ob- 
ject. All of the users in the container object 
would inherit the Restrict Login policy. 

By default, NDS searches up the tree for 
effective policies. The default search order 
is leaf object, Group object, and then con- 
tainer objects—until NDS reaches the 
[Root] of the tree. 

You can use the Container Search Poli- 
cy to modify this search order. By enabling 
this policy and associating it with a con- 
tainer object, you can change the search 
order or limit the search to one, two, or all 
three locations. 

For example, you could set the search 
order to begin with leaf objects and then 
to search only the parent container object. 
You could exclude Group objects and any 


container objects above the parent con- 
tainer object from the search. By limiting 
the search levels in NDS, you can elimi- 
nate unnecessary network traffic. 


Windows 95/NT Policy Support 

Z.E.N.works supports the user and com- 
puter system policies that are included 
with Windows 95 and Windows NT. (See 
“Policy Package Objects” on p. 28.) Using 
these system policies, you can set attributes 
for the workstation to control the way the 
desktop looks. These attributes remain the 
same, regardless of which user logs in from 
the workstation. 

Z.E.N.works has improved these system 
policies by storing them in NDS and en- 
abling you to create and manage them 
through the NWADMIN utility instead 
of Microsoft’s POLEDIT utility. NDS and 
Z.E.N.works provide two benefits: 

First, you have a central point of admin- 
istration for system policies. You create a 
system policy only once using the NWAD- 
MIN utility, and you don’t have to copy the 
system policy to the SYS:PUBLIC directory 
of each server. When you need to change a 
system policy, you only have to make the 
change once. 

Second, NDS and Z.E.N.works provide 
fault tolerance for system policies because 


NDS is distributed and replicated. 


Workstation Inventory Folicy 
Z.E.N.works also includes a Worksta- 

tion Inventory policy. You can use this 

policy to gather workstation inventory 

information and store this information 

in NDS Workstation objects. 
Z.E.N.works stores the following work- 

station inventory information in NDS: 


¢ Hard disk space 

¢ RAM 

© Operating system version 

¢ Interrupts, I/O ports, and DMA chan- 
nels in use 

* Services and devices running on the 
workstation 


When a change is made to the worksta- 
tion, Z.E.N.works senses this change and 
automatically updates the workstation 
information in NDS. As a result, you 
always have the most curreat information 
about a workstation at your fingertips. 


Roaming Profiles for Windows NT 
Z.E.N.works also enables you to store 
roaming profiles for Windows NT work- 


stations in NDS. As a result, a user has 
the same profile, regardless of the work- 
station from which the user logs in to the 
network. The user’s desktop always looks 
the same, and the user has access to the 
same applications. 

You enable roaming profiles through 
the NT Desktop Preferences in the NT 
User Policy Package. By selecting the 
Roaming Profiles tab, you can enable 
roaming profiles and define where on the 
network the profiles should be stored. 


DESKTOP MAINTENANCE 

Although Z.E.N.works significantly 
reduces the amount of time you spend 
visiting workstations, users will still ex- 
perience problems that require diagnosis 
and troubleshooting. Unfortunately, 
there is typically no clear way for a user 
to notify the IS help desk of a problem. 
At some companies, users may not know 
who to call, or they may have to leave 
a message or wait on-hold until a sup- 
port technician is available. As a result, 
companies spend millions of dollars each 
year on desktop management and loss of 
user productivity. 

To provide a solution for these chal- 
lenges, Z.E.N.works includes the following 
desktop maintenance technologies: 


e A help desk component that is tightly 
integrated with NDS, allowing users to 
communicate problems efficiently to 
the IS help desk 

e Remote control software for Windows 
NT and Windows 95 workstations that 
requires NDS security privileges 

e Snap-in modules for the NWADMIN 
utility, allowing you to customize how 
users participate in diagnosing a worksta- 
tion problem and which support techni- 
cians can remotely control workstations 


Help Desk Policies 

To help users communicate problems 
to the IS help desk, you can use the 
NWADMIN utility to create a help desk 
policy, which contains the contact infor- 


mation users need when a problem occurs. 


For example, this policy contains names, 
e-mail addresses, and telephone numbers. 
When a problem occurs, users can use 

the Z.E.N.works Help Request application 
(which you can quickly and easily distrib- 
ute through the Application Launcher) to 
find the contact information and report 
the problem through an e-mail message or 
a telephone call. 
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The Help Request application then uses 
information about the user’s workstation 
(which is gathered by the Workstation In- 
ventory policy and stored in NDS) to fa- 
cilitate the resolution of the problem. A 
user doesn’t need to know detailed infor- 
mation about his or her workstation since 
this information is stored in NDS. 


Remote Control Policies 

After a problem is identified, a support 
technician can use the Z.E.N.works remote 
control software to connect to the worksta- 
tion and repair it. The support technician 
must have the appropriate NDS access 
rights to remotely control the workstation. 
To grant these access rights, you create re- 
mote control policies that govern who can 
establish a remote control session and on 
which workstations. 

When you create a Remote Control 
Policy, you can configure the following: 


e Enable remote control 

e Prompt the user to grant permission to 
have his or her workstation controlled 
remotely 


Winpop Plus 


© Give the user an audible signal when 
his or her workstation is being 
controlled remotely 

@ Give the user a visible signal when his 
or her workstation is being controlled 
remotely 

e Define the default protocol for the 
remote control agent 


Because the Remote Control policy is 
contained in both Workstation Policy 
Package objects and User Policy Package 
objects, you can manage remote control on 
either the workstation or the user level. 


CONCLUSION 

Z.E.N.works makes the dream of a trans- 
parent, nearly self-managing network a 
reality. Z-E.N.works solves most of the ap- 
plication, workstation management, and 
workstation maintenance challenges you 
face today, thereby lowering the cost of 
managing complex networks. (For informa- 
tion about the next version of Z.E.N.works, 
see “Novell News” on p. 42.) 

Sandy Stevens is a freelance writer based in 
Salt Lake City. @ 


Instant messaging for NetWare networks 


INSTANT MESSAGING, 
GROUP CHAT 
AND REMOTE CONTROL! 


The award winning solution for businesses and organizations looking to 


deliver popup messages instantaneously to the desktop. Winpop Plus is 


the only solution delivering instant messages with zero administration. By 


fully leveraging the directory of your existing network, Winpop Plus, can 


communicate without maintaining a proprietary user list. 


With support for Windows 95 and Windows NT on NetWare 3.x, 4.x and 
IntranetWare, Windows NT Domains, and Windows peer networks over 
IPX/SPX or TCP/IP, Winpop Plus offers a complete solution for 


organizations looking for a flexible instant communications solution. 


Download a full evaluation today! 


Call WiredRed 619 530 1447 or visit our web site 
http://www.wiredred.com 


For more information, visit http://advertise.nwconnection.com. 
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Psychological Viruses 


Mark Lofgren 


Conus: viruses scare us all. After all, these viruses can de- 
stroy computers and months or even years of work. As a net- 
work administrator, you know the time and money it takes to 
protect your company’s computers and data. 

And if the actual viruses themselves aren’t enough to worry 
about, people have begun preying on our paranoia by starting vi- 
tus hoaxes. For example, the Good Times virus hoax had many 
people fearing that their data would be destroyed. The creators of 
this hoax sent an e-mail message worldwide, warning people that 
a separate e-mail message with the subject line “Good Times” 
contained a virus. If you received this message, the Good Times 
virus would supposedly destroy your computer’s hard drive and 
send the processor into an infinite binary loop, which would 
damage the processor itself. Could an e-mail message really 
create this damage? 


KNOWLEDGE IS POWER 

Understanding how viruses work can protect you against virus 
hoaxes. Two kinds of viruses can infect a computer: file viruses 
and boot sector viruses. 

File viruses are more common than boot sector viruses. As 
the name suggests, file viruses are usually macros that infect 
files created by applications such as Microsoft Word or Microsoft 
Excel. For example, the Concept virus changes codes in the 
NORMAL.DOT file that Word uses to generate macros. If you 
open a Word file that is infected by this virus, your computer 
becomes infected. 

Although infected with the Concept virus, your computer 
will continue to function normally, and no data will be lost. 
When you open a Word file, however, you will experience prob- 
lems. For example, some macros may not function, and you may 
not be able to save files. 

File viruses are usually easy to eliminate because most virus- 
protection software can easily detect these viruses and eliminate 
them. Several companies such as Network Associates Inc. and 
Computer Associates offer virus-protection software for servers 
and workstations. 

Unfortunately, boot sector viruses are more dangerous because 
they can damage executable files on your computer's hard drive. 
However, the only way a computer can get a boot sector virus is 
to boot from a diskette that is infected with the virus. If you boot 
a computer with an infected diskette in the floppy drive, the virus 
copies itself into the computer’s memory. The virus later writes 
itself to the master boot record on the hard drive. 

Boot sector viruses, such as the Antiexe virus, corrupt execut- 
able files on the hard drive. As a result, you will be unable to run 
these executable files. 

Eliminating boot sector viruses is also relatively simple if 
you have virus-protection software. However, the longer the 
virus is allowed to run, the more damage it will do. To detect 
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the boot sector viruses as quickly as possible, you should run 
virus-protection software regularly. 


YOU DON’T FOOL ME 

To answer the question posed earlier, an e-mail message that 
is just text cannot destroy a computer's hard drive or processor. 
Viruses are spread from files or boot sectors, and an e-mail mes- 
sage that contains only text has no file or boot sector. 

Of course, an e-mail message may have an attachment that 
contains a virus. If you don’t open the attachment, the virus 
cannot infect your computer. Since most people open attach- 
ments, however, the key is detecting the virus before it has a 
chance to spread. 

Depending on the virus-protection software you are using, you 
can have the file scanned as soon as it is saved on your computer’s 
hard drive. If the virus-protection software is up-to-date, it will 
detect the virus before the virus can damage your computer. 


SOME HOAXES ARE HARMLESS 

Because virus programmers sometimes disguise their viruses 
with computer games or screen savers, people have become sus- 
picious of games and screen savers. As a result, people can un- 
knowingly create a virus hoax. For example, Access Softek re- 
leased GHOST.EXE, an entertaining Halloween screen saver 
that featured ghosts flying around a graveyard. Although this 
screen saver was harmless, many people thought it might con- 
tain a virus, which would be triggered on a specific date. How- 
ever, the original GHOST.EXE did not contain ary virus code. 

Many people also thought the Budweiser Frog screen saver 
contained a virus. In fact, an e-mail message was circulated, warn- 
ing that the Budweiser Frog screen saver would crash your com- 
puter hard drive. However, I have used this screen saver for a long 
time, and my hard drive works just fine. 

Don’t take my word for it, however. If you think your com- 
puter may have a virus or if you have heard that a particular pro- 
gram or file contains a virus, check it out. Make sure the virus- 
protection software you are using is up-to-date, and scan the pro- 
gram or file. You can visit Network Associates’ World-Wide Web 
site (http://www.nai.com/vinfo) for more information about virus 
threats. (Network Associates was formed by the merger of McAfee 
Associates and Network General.) You can also visit Computer 
Associates’ web site (http://vww.cheyenne.com/virusinfo) or Dr. 
Solomon’s web site (http://www.drsolomon.com/home/home.cfm). 
(Dr. Solomon’s also merged with Network Associates.) 

To learn more about protecting your company’s network 
from virus attackes, see the related article on page 38. For more 
information about e-mail hoaxes, visit http://urbanlegends. 
miningco.com/library/blhoax.htm. 

Mark Lofgren provides technical support on the Internet for The 
Forums (http://theforums.com). @ 


Backup Products That Support NetWare 


In the August and September issues of NetWare Connection, Mickey Applebaum de- 
voted his “Technically Speaking” column to a two-part discussion on performing backups. 
As Mickey explained, you must back up two components on an intraNetWare or NetWare 
server: Novell Directory Services (NDS) and the NetWare file system. 

Because these components perform different functions, each component has unique 
backup requirements. You must ensure that your company’s backup process meets these 
requirements. Only then can you successfully back up both components and restore them 
in the event of a server failure. To understand the backup requirements for NDS and the 
NetWare file system, read the following articles: 


* “Technically Speaking: Backing Up NDS,” NetWare Connection, Aug. 1998, pp. 43-45. 
You can download this article from http:/www.nwconnection.com/aug.98/techsp88. 

° “Technically Speaking: Backing Up the NetWare File System,” NetWare Connection, 
Sept. 1998, pp. 38-42. You can download this article from http://www.nwconnection. 
com/sep.98/techsp98. 


Once you know the requirements for backing up NDS and the NetWare file system, 
you can ensure that your backup solution securely backs up both. This month’s “Product 
Focus” highlights some of the backup software available to help you back up your com- 
pany’s critical data. All of the software products featured have been Novell Yes, Tested 
and Approved and are year 2000 compliant. This month’s “Product Focus” also briefly 
describes the types of backup hardware available today and lists some companies that 
offer backup hardware. (See “Backup Hardware” on p. 36.) @ 


NetWare interleaves data at a file level, 
allowing you to concurrently back up 
multiple targets to a single backup tape. 
File interleaving allows ARCserve 6.1 


ARCSERVE 6.1 FOR NETWARE 
ARCserve 6.1 for NetWare, from Com- 
puter Associates International Inc. (the 


PRODUCT 


tape. If the virus-protection software 
detects an infected file, ARCserve 6.1 
for NetWare sends an alert and exe- 
cutes a user-defined instruction to skip, 
rename, or move the file. The backup 
process is not interrupted, and you can 
eliminate the virus later. 
¢ Error Wizard. If an error occurs during 
the backup process, you can easily find 
out what the error message means by 
double-clicking the message. ARCserve 
6.1 for NetWare then displays a detailed 
description of the error. You can also 
configure ARCserve 6.1 for NetWare to 
notify you directly if an error occurs. 
Client Support. ARCserve 6.1 for 
NetWare allows Windows 95, Win- 
dows 3.x, OS/2, and DOS users to 
back up data stored on their worksta- 
tion or on the server. You can purchase 
client agents for Windows NT, UNIX, 
and Macintosh. 


You can download a trial version of 
ARCserve 6.1 for NetWare from http:// 
www.cai.com/evaluate/download.htm. For 
more information about ARCserve 6.1 for 
NetWare, visit the Computer Associates’ 
World-Wide Web site (http://www.cai. 
com/arcserve). You can also call 1-800- 
225-5224. If you live outside the United 
States and Canada and you want to locate 
the Computer Associates office nearest 


Cheyenne division), allows you to back up 


intraNetWare, NetWare 4.1x, and Net- 
Ware 3.1x servers. (Computer Associates 
is releasing a new version of ARCserve to 
support NetWare 5.) ARCserve 6.1 for 
NetWare includes the 


following features: 


¢ Novell Directory 
Services (NDS) 
Support. ARCserve 
6.1 for NetWare 
backs up NDS, in- 
cluding virtually 
any extended NDS 
schema. ARCserve 
6.1 for NetWare also 
includes snap-in 
modules for Novell's 
NetWare Adminis- 
trator (NWAD- 
MIN) utility, allow- 
ing you to manage ARCserve objects. 

e File Interleaving. ARCserve 6.1 for 


for NetWare to back up your data more 
quickly and eliminates the need to pur- 
chase multiple tape drives. 


e Parallel Streaming. ARCserve 6.1 for 


NetWare simultaneously 
backs up multiple sources to 
multiple target drives on a 
single server, doubling the 
throughput of the backup 
system. ARCserve 6.1 for 
NetWare also allows you to 
simultaneously back up data 
to one drive and restore data 
from another drive. 

e Server Prioritization. When 
backing up multiple servers in 
a single job, you can rank the 
order in which the data is 
backed up. 


Computer Associates’ ARCserve 6.1 Integrated Virus Scanning. 


ARCserve 6.1 for NetWare 
uses virus-protection software to check 
files before writing them to a backup 


you, visit http://www.cai.com/camap.htm, 


or call 1-516-342-5224. 


Bijoren rive MaNAGeR 


St. Bernard’s Open File Manager 5.1 


OPEN FILE MANAGER 5.1 

Designed as a complementary utility 
to backup software programs, Open File 
Manager 5.1 from St. Bernard Software 
captures open files during the backup pro- 
cess, even if these files are being modified. 
Without Open File Manager 5.1, backup 
software programs might skip open files, 
users might be locked out of applications, 
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BACKUP HARDWARE 


How you configure your backup system depends on many 
variables—for example, how large your company’s budget is, 
how quickly you need access to data in the event of a failure, how 
much data you are backing up, and whether you are also creating 
an accessible archive. There are as many backup options as there 
are ways to use them. The major types of backup systems are 
listed below: 


JUKEBOX 

By placing optical disks, CD-Recordables (CD-Rs), or CD- 
Rewriteables (CD-RWs) in a jukebox that can automatically load 
and unload disks, you can maintain a large amount of data in 
near-line storage. A jukebox is a permanent, high-capacity backup 
option with high reliability, but this option is more expensive than 
the many tape backup systems that are available. A jukebox is also 
a great backup option for archiving data and for keeping this data 
readily available for quick reference. 


RAID 

A Redundant Array of Independent Drives (RAID) system is a 
disk subsystem that combines multiple hard drives into one logical 
drive. A RAID system improves performance and data availability: 
If one hard drive in the RAID system fails, the other hard drives can 
still operate. A RAID system protects against hard drive failures but 
not against software failures or other hardware failures. 


SERVER MIRRORING 

Server mirroring is the most secure (and the most expensive) 
backup option. With server mirroring, every component associated 
with a server and its accompanying backup system is duplicated to 
another server. Server mirroring provides immediate online recovery 
of data, allowing you to simply switch to the secondary server if the 
primary server fails. 


TAPE DRIVE 
A tape drive is a physical backup device. A tape drive offers the 
lowest storage cost (starting at 2 cents per megabyte for a 4mm 


or worse, the backup data might become 
corrupted. Then in the event of a net- 
work failure, you could not restore these 


files in a cache, where the backup soft- 
ware program can then copy them. 
Users have access to the open files 


backup tape) and provides an efficient storage format for data. 
However, a tape drive is one of the slower backup options, and 
data stored on a backup tape cannot be quickly accessed. 


TAPE LIBRARY 

In a tape library, a series of backup tapes are loaded into an 
autochanger, automating the process of accessing and rotating 
tape. Although a tape library can handle a large arnount of data, 
this backup option performs more slowly than other options. A tape 
library is, however, a less expensive way to back up critical data that 
you do not need to access on a regular basis. 


BACKUP HARDWARE VENDORS 
You can visit the following companies’ World-Wide Web sites to 
get information about specific backup hardware products: 


° AIWA Raid Technology Inc. (http://www.aiwa.com/csd/ 
product/prodfram.htm) 

* Compaq Computer Corp. (http:/Mvww.compag.com) 

° Data General Corp. (http:/Mwww.dg.com/storage) 

° Exabyte (http:/Avww.exabyte.com) 

° Fujitsu Computers (http://www.fujitsu.com) 

* GigaTrend Inc. (http:/Avww.gigatrend.com) 

° Hewlett-Packard Co. (http://www.hp.com/storage) 

°¢ Hitachi Computer Products (America) Ltd. (http://www. 
hitachi.com) 

¢ IBM Corp. (http://www.storage.ibm.com) 

* Imation Corp. (http://www.imation.com/dsp) 

* lomega Corp. (http://www.iomega.com) 

* Mitsumi Electronics Corp. (http:/Avww.mitsumi.corn) 

¢ Samsung Information Systems America (http:/Awww. 
samsung.com) 

* Sanyo Electric Company Ltd. (http:/Avww.sanyo.com) 

¢ Seagate Technology Inc. (http:/Avww.seagate.com) 

° Sony Electronics Inc. (http://www.ita.sel.sony.com/products/ 
storage) 

° Toshiba America Information Systems Inc. (http:/Avww. 
toshiba.com) 

° Western Digital Corp. (http://www.westerndigital.com) @ 


Manager from St. Bernard’s web site 


(http:/Avww.stbernard.com). You can also 
call 1-800-782-3762 or 1-619-676-2277. 


open files. 

Open File Manager 5.1 supports all 
leading backup software (independent 
of the hardware you are using) and runs 
on the following operating systems: 


© NetWare 4.x and 3.x servers 
© Windows NT 4.0 and 3.51 servers 
and workstations 


Open File Manager 5.1 monitors the 
file system for read requests coming from 
a backup software program. During the 
backup process, Open File Manager 5.1 
makes a copy of open files and holds these 


36 NetWare Connection October 1998 


throughout the backup 
process. If users change 
open files during the 
backup process, these 
changes are not saved 
to the backup tape. 
The backup software 
program saves open 
files as they appeared 
when the backup 
process began. 

You can get more 
information or down- 
load a 15-day free trial 
version of Open File 


FOR NETWARE 
ENTERPRISE EDITION 


Seagate’s Backup Exec 8.0 


BACKUP EXEC FOR 
NETWARE 8.0 

Backup Exec for NetWare 
8.0 from Seagate Software 
Inc. supports IP, IPX, and 
Novell Storage Services 
(NSS), Novell’s next- 
generation file system which 
is available in NetWare 5. 
In addition, Backup Exec 
for NetWare 8.0 supports 
Novell’s Storage Manage- 
ment Services (SMS) and 
target service agents (TSAs). 


Backup Exec for NetWare 8.0 offers 
the following new features: 


¢ Working Set Backup. Backup Exec 
for NetWare 8.0 allows you to make a 
working set backup, which is a backup 
job that backs up all of the files users 
accessed during a period of time you 
specify. For example, if you did not 
want to make a complete backup every 


day, you could make a working set back- 
up instead: You could specify that Back- 


up Exec for NetWare 8.0 should back 
up all of the files users accessed during 


the last 24-hour period. You could then 


make a complete backup less often, 

such as twice a week. 
e Agent Accelerator. Backup Exec for 
NetWare 8.0 includes Seagate’s Agent 
Accelerator technology, which shortens 
backup times for remote servers. 
Seagate Exec View. Backup Exec for 
NetWare 8.0 includes Seagate Exec 
View, a multiplatform storage manage- 


ment console. Seagate Exec View allows 


you to centrally manage all backup jobs 
in a mixed Backup Exec for NetWare 
and Backup Exec for Windows NT 


environment. 


Backup Exec for NetWare 8.0 runs on a 


NetWare 5 or NetWare 4.1x server, from 


which you can also back up a NetWare 4.x 


server or NetWare 3.x server. (Backup 
Exec for NetWare 7.5 runs on NetWare 
4.x and NetWare 3.11.) 

You can download a 60-day trial ver- 


sion of Backup Exec for NetWare 8.0 from 


http://www.seagatesoftware.com/benw/ 
demod/content.asp. For more information 
about Backup Exec for NetWare 8.0, visit 
Seagate Software’s web site (http://www. 
seagatesoftware.com). You can also call 


1-800-327-2232 or 1-407-531-7600. 


NOVANET 7.0 

NovaNet 7.0 from NovaStor Corp. of- 
fers advanced reports and diagnostics, the 
ability to schedule backup jobs months in 
advance, and a seamless integration with 
peripherals. NovaNet 7.0 also uses a stan- 
dard user interface for all platforms, mak- 
ing it easy for you to work from any work- 
station. In addition, NovaNet 7.0 offers 
the following new features: 


¢ Distributed Devices. You can attach 
backup devices to any station on the 
network, regardless of operating system 
or network platform. 


© Multiple Concurrent Devices. During a 


backup or restore job, NovaNet 7.0 can 
transfer data to and 
from multiple backup 
devices concurrently. 
As a result, multiple 
servers can simultane- 
ously send data to mul- 
tiple backup devices. 
¢ Distributed Database 
Management Server. 
NovaNet tracks and 
stores data about back- 
up jobs, files, and tapes 
in its storage manage- 
ment database. Nova- 
Net 7.0 also allows 
you to designate any 
network station as the 
database management 
server, regardless of the network sta- 
tion’s location or operating system. 
Enterprise Edition. NovaNet 7.0 works 
with any combination of NetWare, 
Windows 95, Windows NT, and DOS. 
© Multiple Stream Processing. NovaNet 
7.0 can process an unlimited number of 
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data streams simultaneously, with a 
maximum of eight data streams per 
backup device. 
e Parallel Data Streams. 
NovaNet interleaves 
wp files at the block level 
(as opposed to the file 
level). Interleaving files 
at the block level re- 
duces network over- 
head, resulting in faster, 
more efficient data 
transfer rates. 


¢ Way To 


You can download a 
demonstration copy of 
NovaNet 7.0 from Nova- 
Stor’s web site (http://www. 
novastor.com/download). 
For more information 
about NovaNet 7.0, visit http://novanet. 
novastor.com or call 1-800-NovaStor. If 
you live outside the United States or 
Canada, you can call 1-805-579-6700 
or visit http://www.novastor.com/nova_ 
stor/info/intl_resellers.html to find the 
NovaStor office nearest you. @ 


For more information, visit http://advertise.nwconnection.com. 


Jessica Chen 


Technically @ 


Protecting the 
Network From Virus 
Attacks 


Mickey Applebaum 


Editor’s Note: “Technically Speaking” answers your technical 
questions, focusing on network management issues. To submit 
a question for a column in a future issue, please send an e-mail 
message to nwc-editors®nwconnection.com, or send a fax to 


1-801-228-4576. 


NI etwork administrators frequently ask two questions about 
viruses: 


e What is the best way to protect a network from virus attacks? 
e What is the best virus-protection software for servers? 


The purpose of virus protection is to maintain data integ- 
rity by preventing outside agents from accessing and modifying 
that data. Because a network has many different components, 
there are several entry points for viruses to attack the network. 
This article describes how to protect your company’s network 
from virus attacks, explaining how to identify points of entry 
and implement appropriate protection. 


ALL EYES ARE NOT ON THE SERVER 

There are many misconceptions about virus attacks. The 
first misconception is that the server is the primary target 
for virus attacks on a network. Although a lot of virus- 
protection software play off this misconception, it is still 
just that—a misconception. 

You must protect your company’s network against two types 
of viruses: file viruses, which attach themselves to binary code 
(such as application files), and boot sector viruses, which at- 
tach themselves to executable code. Viruses are spread when a 
user opens or runs an infected file on a computer. 

A virus cannot be spread if the user cannot run the infected 
file directly on the computer. As a result, the NetWare server 
console is secure from virus attacks because you cannot run an 
infected DOS or Windows 95 application on the NetWare 
console. The same is true of viruses that are written to infect 
Macintosh or UNIX workstations. Because you cannot run 
Macintosh or UNIX programs on the server console, such 
viruses cannot attack the server itself. 
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However, the server console becomes vulnerable when you 
reboot it: Before NetWare is loaded, you can access DOS on 
the server. At this point, you could insert an infected diskette 
into the server’s diskette drive and unknowingly run an in- 
fected file. 

Infecting the server at this level can cause problems when 
you copy files (such as updated versions of the SERVER.EXE 
file or LAN or disk drivers) to the DOS partition. This virus 
infection might also cause RAM integrity problems when 
NetWare is running and you are performing DOS access op- 
erations on the server’s A or C drive. For example, updating 
drivers from the server console or installing new services on 
the server could cause RAM integrity problems. 

To protect the server console when it is in DOS mode, you 
should install a DOS virus-protection utility on the server’s 
DOS partition (C drive) and run this utility whenever you 
need to perform any operations (such as copying files) on the 
server’s C drive. However, you should not leave the DOS 
virus-protection utility in memory when NetWare is running. 
Since you will not be using this utility when NetWare is run- 
ning, you can free up server resources. 

You should also install server-based virus-protection soft- 
ware. Several companies such as Network Associates, Symantec 
Corp., and Computer Associates Inc. offer this software, which 
allows you to check every read and write operation made on 
the server. (Network Associates Inc. was formed by the merger 
of McAfee Associates, Network General, and Dr. Solomon’s 
Software. ) 

For most networks, you can configure the server-based virus- 
protection software to perform scheduled checks on the vol- 
umes mounted on the server. As the next section explains, most 
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ACHIEVE A HIGHER LEVEL OF NETWORK UNDERSTANDING 


Novell’s Advanced Technical Training” 


Novell’s ATT program provides in-depth training for experienced IT professionals, already proficient in the use 
of Novelle products. Our ATT staff is comprised of networking support experts (some even say masters) who 
understand the issues associated with Novell networking systems, and offer advanced instruction from a technical 
support standpoint. Training options include conferences held across the country, videos, and computer-based training. 


For more information, and for substantial discounts on ATT videos, simply visit us at www.novell.com/nwe/bookstor/ 


or http://support.novell.com/additional/advit/us/. Total enlightenment has never been so convenient. 


Novell. 


For more information, visit http://advertise.nwconnection.com. 


viruses enter the network through work- 
stations, and checking each read and 
write operation on the server may not de- 
tect viruses introduced on workstations. 
By running scheduled checks on the 
server, you provide adequate protection 
for the server and improve the perfor- 
mance of the server. You can also sched- 
ule the check to coincide with other disk 
operations such as the backup. 


VIRUSES SNEAK ONTO THE NETWORK 
THROUGH WORKSTATIONS 

The second misconception about 
viruses is that if you run virus-protection 
software on the server, your company’s 
network is secure. Although that parti- 
cular server may be protected from vi- 
ruses, the entire network is not secure. 
You must protect the network at the 
point of attack—the point at which the 
virus has the greatest potential for entry 
to the network. 

The most vulnerable part of your 
company’s network is the workstations. 
If you run virus-protection software at 
the point of entry—in this case, each 
workstation—a virus cannot attack 
the local drives on the workstation, 
and a virus-infected file cannot be 
transferred to another workstation on 
the network. 

By providing virus-protection soft- 
ware at the workstation level, you are 
providing the highest level of security 
against attack. The following examples 
show the importance of running virus- 
protection software on each workstation. 


The Danger of Unprotected 
Workstations 

Suppose a network administrator in- 
stalled virus-protection software only on 
the server. By configuring this software to 
scan all read and write operations in real- 
time, the network administrator was con- 
fident that his company’s network was 
protected against virus attacks. 

Now suppose a user downloaded a file 
from the Internet onto a diskette in his 
workstation’s A drive. The user then ran 
the file to install a utility on his worksta- 
tion’s C drive and made copies of the 
diskette to give to other users. 

The user’s workstation would be in- 
fected as soon as he ran the file he down- 
loaded. The virus would quickly and eas- 
ily spread to all of the files on his C drive. 
Of course, all of the users who ran the 
same file would also infect their C drives. 
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Since no read or write operations 
were made on the server, the virus- 
protection software running on the 
server never had the chance to check 
the infected files. As a result, the com- 
pany would have a full-blown virus in- 
fection and no way to stop it. Worse, 
the network administrator might not 
be notified that a problem existed until 
users began experiencing serious prob- 
lems on their workstations. 


The Safety of Protected 
Workstations 

Suppose that the network administra- 
tor had installed virus-protection soft- 
ware on the workstations as well as on 
the server. Also suppose the network 
administrator had configured the virus- 
protection software to check all read and 
write operations to all local drives (in- 
cluding floppy diskette, ZIP, JAZ, or CD- 
ROM drives). If a user downloaded a file 
from the Internet and saved this file to 
the A drive, the virus-protection soft- 
ware would alert the user that a virus 
was found in the file. 

Now suppose a user brought a diskette 
from home and inserted the diskette 
into her workstation. When this user 
attempted the first file read, the virus- 
protection software would alert the 
user that a virus had been detected. 


Bells and Whistles for Virus- 
Protection Software 

Some virus-protection software may 
be NetWare-aware and include a server 
component. In this case, you can con- 
figure the virus-protection software 
running on the workstations to send an 
alert to you or another network admin- 
istrator when a virus is detected. You 
will then know when a user is trying to 
save or run an infected file. 

Because more and more users are 
accessing the Internet, many virus- 
protection manufacturers are releasing 
Internet virus-checking programs that 
actually read the data stream being down- 
loaded. (The programs read the data 
stream whether the user is using a mo- 
dem or LAN connection.) As soon as an 
Internet virus-checking programs detects 
a virus signature in the data stream, this 
program aborts the download and sends 
the user an alert. The virus never even 
makes it to the user’s workstation. 

Virus-protection manufacturers are 
also providing safeguards to prevent 


users from disabling virus-protection 
software. You can configure the virus- 
protection software so taat a workstation 
cannot connect to the network if this 
software is disabled or uninstalled. 

You can use this feature to ensure 
that all workstations are protected 
and cannot spread infected files. Al- 
though implementing this feature in- 
volves more configuration time upfront, 
it reduces the network’s exposure to 
virus infection. 

If the virus-protection software you 
are using on the server and workstations 
is from the same manufacturer, another 
feature may be available: You may be 
able to configure the virus-protection 
software to send an alert to you or 
another network administrator if a 
user attempts to log in to the network 
from a workstation that does not have 
virus-protection software. 


E-MAIL MESSAGES CAN BE 
VIRUS CARRIERS 

Another common misconception 
is that e-mail messages themselves can 
contain viruses. Many e-mail messages 
contain dire warnings about e-mail 
viruses. According to these warnings, 
simply opening an e-mail message that 
has a certain subject line (such as “You 
Are A Winner”) will destroy your entire 
hard drive. 

If you receive an e-mail message 
warning you about opening a certain 
e-mail message, don’t be alarmed. You 
cannot get a virus simply by opening an 
e-mail message. The e-mail message that 
contains the warning is a virus hoax, 
making you worry about events that 
cannot happen. (For more information 
about virus hoaxes, see the related arti- 
cle on p. 34.) 

Although you cannot get a virus via an 
e-mail message itself, you can receive an 
infected file as an attachrnent to an e-mail 
message. To protect your company’s net- 
work from being infected by a file that is 
sent as an attachment, you should ask 
users to follow these simple rules: 


¢ Never open a file that is attached to 
an unsolicited e-mail message from an 
unknown sender. If you don’t know 
who sent the file or if you did not ex- 
plicitly request the file be sent to you, 
you should simply delete the e-mail 
message. Do not open or download 
the attachment. 


¢ Never open an attached file directly 
into an application, such as Microsoft 
Word. The Concept virus (a Word 
macro virus) spread quickly because 
many users had configured their 
e-mail application to automatically 
open .DOC files in Word. You should 
configure your e-mail application to 
prompt you before opening an at- 
tached file. 

¢ Open an attached file on a removable 
media device first. By opening files 
on a floppy diskette, ZIP, or JAZ 
drive, you can properly scan the file 
for viruses. You are also less likely to 
infect other files on your workstation’s 
hard drive. 

e Immediately after opening a file, run a 
virus check on the file. Although 
virus-protection software runs back- 
ground checks, you should not rely on 
these background checks to test all 
files written from e-mail attachments. 

e Do not run any file you receive via 
e-mail until you have run a complete 
virus check on the file. 


Because e-mail attachments can be 
infected with viruses, some e-mail man- 
ufacturers and virus-protection manufac- 
turers now offer e-mail virus-checking 
software. This software actually runs on 
the e-mail server and checks all e-mail 
messages (including attachments) being 
sent and received for viruses. E-mail 
virus-checking software can notify you 
of infected attachments before the in- 
tended recipient even has a chance to 
open the infected file. 


CONCLUSION 

To protect your company’s network 
against viruses, you need to evaluate 
the entire network and provide the 
appropriate type of protection at each 
point of entry to the network. When 
creating a virus-protection plan for 
your company’s network, follow these 
simple steps: 


¢ Configure the virus-protection soft- 
ware running on the server to perform 
regularly scheduled checks on all 
mounted volumes on the server. 

e Install a virus-checking utility on the 
DOS partition of the server. If you 
down the server and perform main- 
tenance tasks at the DOS prompt 
before NetWare is loaded, you could 
introduce viruses on the C drive. 
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® Install virus-protection software on 
every workstation attached to the 
network. You should configure this 
software to check every read and 
write operation to all drives, includ- 
ing removable media drives (floppy 
diskette, ZIP, JAZ, and CD-ROM 
drives). 

If your company uses the Internet 
frequently, you should consider pur- 
chasing an Internet virus-checking 
program. Some of these programs 
are add-ons to firewall products, and 
some of these programs are stand- 
alone gateways that sit between the 
router to the Internet and your com- 
pany’s network. 

e If your company receives a lot of 
e-mail messages that contain attach- 
ments, you should consider purchas- 
ing an e-mail virus-checking program. 
You should teach users how to man- 
ually check files for viruses. You 
should also implement a company- 
wide policy that provides guidelines 
for bringing files from home, down- 


loading files from the Internet, and 
distributing these files. This policy 
should, at the very least, make users 
responsible for performing a manual 
virus check on each file and diskette. 


You can find more information about 
virus protection and virus-protection 
software at the following World-Wide 
Web sites: 


© Network Associates’ web site at http:// 
www.nai.com/vinfo or http://www.nai. 
com/products/antivirus 

¢ Dr. Solomon’s web site at http://www. 
drsolomon.com/home/home.cfm 

¢ Computer Associates’ web site at 
http://www.cheyenne.com/virusinfo or 
http://www.cheyenne.com/security 

e Symantec’s web site at http://www. 
symantec.com/nav 


Mickey Applebaum has worked with 
NetWare for more than 14 years. Mickey 
provides technical support on the Internet 
for The Forums (http://theforums.com). @ 


Requirements 
or Castelle's 


Fax Server: 


FaxPress is a complete hardware/software 


fax server offering desktop and Internet 
faxing, For more information, call 


800-595-4431 or visit www.castelle.com. 
Call now for your FREE 30-day evaluation! 


CASTELLE 


The Complete Fax Server Solution 


For more information, visit http://advertise.nwconnection.com. 


Novell. 


NetWare 5 


Novell is now shipping NetWare 5, the latest version of 
Novell’s industry-leading network operating system. NetWare 
5, which is based on open Internet standards, provides pure 
IP support. As a result, you can easily and securely manage 
applications across diverse platforms and across the Internet. 

You can purchase NetWare 5 from a Novell authorized re- 
seller. If your company is running an earlier version of NetWare, 
you can take advantage of upgrade pricing. 

For more information about NetWare 5, visit Novell’s World- 
Wide Web site (http://www.novell.com/netware5). (See also 
“NetWare 5: Novell Returns to Its Roots,” NetWare Connection, 
Sept. 1998, pp. 6-11. You can download this article from http:// 
www.nwconnection.com/sep.98/ntware98.) You can also call 


1-888-321-4272 or 1-801-228-4272. 
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Novell recently released the open beta version of Novell 
Directory Services (NDS) for NT 2.0. NDS for NT 2.0 elimi- 
nates many problems associated with managing Windows NT 
servers in a NetWare environment. In addition, NDS for NT 
2.0 also simplifies the process of managing Windows NT do- 
mains. For example, NDS for NT 2.0 allows you to create 
NDS objects for Windows NT domains and to manage these 
objects in the same way as you manage other NDS objects. 
You can also manage Windows NT users and groups by using 
Novell’s NetWare Administrator (NWADMIN) utility or 
Microsoft’s User Manager utility. 

With NDS for NT 2.0, you can use your company’s net- 
work to launch any application that requires a Windows 
NT server or a Windows NT domain. NDS for NT 2.0 sup- 
ports all versions of NetWare and Windows NT, including 
NetWare 5. 

You can download the open beta version of NDS for NT 
2.0 free from http://www.support-novell.com/beta/public. For 
more information about NDS for NT 2.0, visit Novell’s web 
site (http://www.novell.com/products/nds/nds4nt). You can 
also call 1-888-321-4272 or 1-801-228-4272. 


GroupWise 5.5 


Novell is now shipping GroupWise 5.5, a collaboration 
solution that allows you to easily gather, access, and exchange 
information across your company’s network or the Internet. 
GroupWise 5.5, which is year-2000 ready, provides expanded 
document management, calendaring, scheduling, and Inter- 
net publishing capabilities. In addition, GroupWise 5.5 pro- 
vides increased flexibility. For example, you can use Group- 
Wise 5.5 to connect telephones, pagers, personal digital 
assistants (PDAs), and other collaboration systems on your 
company’s network. 
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GroupWise 5.5 server software runs on a NetWare 5, 
NetWare 4, NetWare 3, or Windows NT server. GroupWise 
5.5 client software runs on a Windows NT, Windows 98, 
Windows 95, or Macintosh workstation. 

You can purchase GroupWise 5.5 from a Novell author- 
ized reseller. If you are migrating to GroupWise 5.5 from 
another collaboration platform, you can take advantage of 
special discounts and migration packages. 

For more information about GroupWise 5.5, visit Novell’s 
web site (http://www.novell.com/groupwise). You can also call 


1-888-321-4272 or 1-801-228-4272. 
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Novell recently announced that Zero Effort Networks 
(Z.E.N.works) 1.1, which is scheduled for release later this 
year, will include a five-user version of Check 2000 Client 
Server, a year-2000 risk assessment product from Greenwich 
Mean Time. (Novell will also offer a standalone version of 
Check 2000 Client Server to customers who do not use 
Z.E.N.works 1.1.) With Z.E.N.works 1.1 and Check 2000 
Client Server, you can efficiently deploy year 2000-ready 
products across your company’s network, and you can help 
protect this network from the millennium bug. (For more 
information about protecting your company’s network against 
the millennium bug, see “Exterminating the Millennium 
Bug Before It Wreaks Havoc on Your Company’s Network,” 
NetWare Connection, June 1998, pp. 8-20. You can down- 
load this article from http://www.nwconnection.com/jun.98/ 
yr200068.) 

Novell’s Z.E.N.works 1.1 is a directory-based desktop 
management tool that simplifies the process of accessing 
and managing network resources. For example, you could use 
Z.E.N.works 1.1 to distribute year 2000-ready applications 
to every desktop on your company’s network, and you could 
then use NDS to prevent unauthorized users from accessing 
these applications. Z.E.N.works 1.1 also provides pure IP sup- 
port, a simplified GUI, and remote management capabilities 
that you can use to manage Z.E.N.works clients from a central 
ManageWise console. 

Greenwich Mean Time’s Check 2000 Client Server is a 
diagnostic and corrective toolset that scans hardware, soft- 
ware, and data for the millennium bug. If a problem exists, 
Check 2000 Client Server alerts you of this problem. When 
used in conjunction with Z.E.N.works 1.1, Check 2000 Client 
Server allows you to continually monitor the year-2000 status 
of your company’s network. 

For more information about Z.E.N.works 1.1, visit Novell’s 
web site (http://www.novell.com/products/nds/zenworks). You 
can also call 1-888-321-4272 or 1-801-228-4272. For more 
information about Check 2000 Client Server, visit Greenwich 
Mean Time’s web site (http:/Avww.gmt-2000.com/ck2000cs.htm). 
You can also call +44 (0) 1243 787468. @ 


She ae of Centifiabilily 


E= Me’ (Education = Major Cash’ 


So you want to be one of the technologically elite—sought after, in demand, popular, cool, 
making the big bucks? Networking education may be your ticket to the top. 


Need to become a NetWare 5 expert? Want to learn how to troubleshoot problems or 
design an efficient network? Visit or call the Novell Authorized Education Center (NAEC) in your area, 
or visit the NAEC web link (http://www.nwconnection.com/naec). 


ARKANSAS 


Complete Computing, Inc. 

400 West 7th Street 

Little Rock, AR 72201 

(800) 880-2949, (501) 372-3379 


E-mail: Training@complete.com 


CALIFORNIA 


New Horizons Computer Learning 
Center of Bakersfield 

5121 Stockdale Hwy, Suite 150 
Bakersfield, CA 93309 

(805) 397-3606 

Contact: JC Coldren 

E-mail: jcoldren@nhbakersfield.com 


New Horizons Computer Learning 
Center of San Diego 

9191 Towne Centre Drive, Suite 410 
San Diego, CA 92122 

(619) 558-5555 
hetp://www.nhsandiego.com 


New Horizons Computer Learning 
Center of Santa Ana 

1231 E. Dyer Road, Ste. 140 

Santa Ana, CA 92705 

(714) 556-1220, (310) 348-1144 


www.newhorizons.com 


CONNECTICUT 


IKON Technology Services 
Education Services Unit 

17 Britton Drive 
Bloomfield, CT 06002 

(860) 243-1000 


www.ikontechne.com 


NextAge, Inc 

401 Merritt 7 

Norwalk, CT 06851 
(800) 989-8989 

Contact: Cal York 

E-mail: sales@nextage.com 


DELAWARE 


Online Consulting, Inc. 

300 Delaware Avenue, 14th Floor 
Wilmington, DE 19801 

(800) 288-8221 

Contact: Mike Ward 


http://vww.onlc.com 


FLORIDA 


TrainX 

14411 Commerce Way, Suite 400 
Miami Lakes, FL 33016 

(305) 822-8010 

Contact: Faheeda Ali 

E-mail: corp@trainx.com 
http://www.trainx.com 


GEORGIA 


New Horizons Computer Learning Center 
4053 Lavista Road 

Atlanta, GA 30084 

(770) 270-4833 

Contact: Anne Hall 
http://www.newhorizons-atl.com 


INDIANA 


Automated Office Solutions 
401 East Indiana Street 
Evansville, IN 47711 
Contact: Robert G. Parsons 
(800) 392-1176 


E-mail: rgp@aos-evv.com 


MASSACHUSETTS 


New Horizons Computer Learning 
Center of Boston 

5 Old Concord Road 

Burlington, MA 01903 

(781) 229-9565 

Contact: John Zesiger 
hetp://www.nhboston.com 


Springfield Technical Community College 
Center for Business & Technology 

One Armory Square 

Springfield, MA 01105 

(413) 781-1317 

hetp://cbt.stcc.mass-edu 


MINNESOTA 


Benchmark Computer Learning, Inc. 
4510 West 77th Street, Suite 210 
Minneapolis, MN 55435 

(888) Benchmark 


http://www.benchmarklearning.com 


NEW JERSEY 


AlphaNet Solutions 

7 Ridgedale Avenue 

Cedar Knolls, NJ 07927 

(800) Alphanet 
http://education.alphanetsolutions.com 


:Track On Technical Education Centers 
140 East Ridgewood Avenue 

Paramus, NJ 07652 

Contact: Valerie Mazza 

(201) 986-0900 

E-mail: vmazza@trackon.edu 


NEW YORK 


New Horizons Computer Learning Center 
60 Corporate Woods, Suite 300 

Rochester, NY 14623 

(716) 427-2200 

Contact: Kevin Farnsworth 

E-mail: nbrelos@nhrochester.com 


NORTH CAROLINA 


Alphanumeric Systems, Inc. 
3801 Wake Forest Road 
Raleigh, NC 27609 

(919) 781-7575 

Contact: Joe Johnson 
www.alphanumeric.com 


OHO 


Stautzenberger College 

5355 Southwyck Blvd. 
Toledo, OH 43614 

(419) 866-0261 

Contact: George Hawes 
E-mail: website@stautzen.com 


PENNSYLVANIA 


Online Consulting, Inc. 

15th & Ranstead Sts., 14th Floor 
Philadelphia, PA 19102 

(800) 288-8221 

Contact: Mike Ward 
http://www.onlc.com 


PUERTO RICO 


DRC Corp - Training Center 
DRC Center Building 

1608 Ponce de Leon Ave, Ste. 500 
Santurce, PR 00909 

(787) 725-3539 

Contact: Kathy C. Barreto 

E-mail: Kbarreto@drecorp.com 


TEXAS 


C-TREC 


Computer Technology Research & Educ. Center 


1700 West Loop South, Ste. 1100 
Houston, TX 77027 

Contact: Doug Waterman 

(713) 871-8411 


www.ctrec.com 


UTAH 


Knowledge Alliance 

341 South Main Street, Ste. 406 
Salt Lake City, UT 84111 
Contact: Melinda Zito-Haase 
(801) 322-2211 


E-mail: mzito@kalliance.com 


WASHINGTON 


Capital Business Machines, Inc. 
PO Box 1456 

3660 Pacific Avenue 

Olympia, WA 98507 

Contact: Renae Hackett-Thurman 
(360) 491-6000 


E-mail: renae@cbm-wa.com 


CANADA 


Drake Training & Development 
#1100, 333-7th Avenue SW 
Calgary, AB T2P 2Z1 Canada 
(800) 423-9344, (403) 266-8971 
Contact: Darlene Laberee 

E-mail: dlaberee@draketraining.com 


For more information about 
being included in the NAEC 


listing, please call Brian 
Smith at 1-801-465-4901. 


Can | Help You? 
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NetWare. Users 
International 


Exploring Your Technical Support Options 


Patrick Khoo 


ot long ago, my company’s GroupWise 5.2 server stopped 

working for no apparent reason. After a long and frustrat- 
ing struggle trying to solve the problem, we sought help. The 
solution was simple: We needed to increase the amount of 
available RAM and move GroupWise 5.2 to a newer, faster 
server. After we made these changes, GroupWise 5.2 was up 
and running again, problem free. 

Fortunately, finding help for NetWare and other Novell 

products is easy. The biggest challenge often lies in deciding 
which of the many resources to consult. 


ASK A SPECIALIST 

Regardless of where you live or what your networking prob- 
lem is, the first resource you should turn to is a Novell autho- 
rized reseller or a systems integrator. Most resellers and systems 
integrators have trained technicians, CNEs, and Master CNEs 
who can answer your questions and help solve problems. Re- 
sellers and systems integrators may also be able to provide you 
with on-site or remote technical assistance. 

Although most resellers and systems integrators can provide 
a high level of service and technical support, some resellers or 
systems integrators may not be thoroughly trained to support 
all Novell products. When choosing a reseller or systems inte- 
grator, you should ask which products each one supports and 
ask for references. 


ASK NOVELL 

If your reseller or systems integrator cannot answer your net- 
working question, your next resource should be Novell’s tech- 
nical support group, which consists of a worldwide network of 
personnel who are dedicated to helping you solve your network- 
ing problems. For the southeast Asian region (where I live), the 
primary technical support center is located in Australia. A high- 
ly capable support staff is based in Singapore’s local Novell of- 
fice as well. A networking issue that originates in Singapore may 
be solved by Novell’s support personnel in Singapore, Australia, 
or anywhere else in the world. 

To find the Novell support center nearest you, visit Novell’s 
web site (http://support.novell.com/misc/worldwide.htm). 


ASK YOUR NETWARE USER GROUP 


If you enjoy the challenge of solving your own networking 
dilemmas, you can turn to your local NetWare user group. Mem- 
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bership in a NetWare user group provides many benefits. For 
example, if you were a member of the NetWare User Group 
Singapore (NUGSIN), you could contact NUGSIN members 
through e-mail. Chances are good that someone in the group 
has had a question similar to yours, and he or she may have 
already discovered a quick solution to your problem. 

When you join a NetWare user group such as NUGSIN, 
you also have access to technical seminars and product pre- 
views. For example, before NetWare 5 was released, NUGSIN 
organized a special NetWare 5 technical seminar. Events such 
as these give you early access to information that can help you 
solve a current networking problem or even prevent a future 
problem. 

To find the user group nearest you, see the list on pp. 45-47 
or visit NetWare Users International’s World-Wide Web site 
at http://www.novell.com/nui/groups. You can visit NUGSIN’s 
web site at http://www-nugsin.org.sg. 


ANSWERS ONLINE 

Finally, you can turn to the Internet for an abundance of on- 
line technical support sources. Because you are using NetWare or 
other Novell products, the most important web site is the Novell 
Support Connection (http://support.novell.com). This web site 
contains the minimum patch list, from which you can download 
all of Novell’s latest patches and updates (http://support.novell. 
com/misc/patlst.htm). From this web site, you can also search 
Novell’s KnowledgeBase (http://support.novell.com/search/kb_ 
index.htm) for Technical Information Documents (TIDs). TIDs 
can help answer your technical questions, and they often contain 
links to downloadable software files, patches, and drivers. 

Another place to find answers to your questions is Novell’s 
Support Forums (http://support.novell.com/pforum). From this 
site, you can interact online with NetWare users worldwide. In 
addition, Novell system operators regularly review the forums 
and answer questions. 

With so many resources, your most difficult problem may be 
deciding which resource to use first when you are faced with a 
networking problem. Whatever your problem, and whether you 
live in Singapore or Provo, Utah, help is always just around the 
corner. 

Patrick Khoo is the editor-in-chief for a monthly magazine in 
Singapore. He is also a Certified Novell Administrator (CNA) and 
aCNE. @ 


Illustration: Jessica Chen 


NetWare Users International 


NetWare Users International (NUJ) is an as- 
sociation designed to support Novell network- 
ing professionals. NUI members represent all 
facets of the networking industry, including 
network administrators, IS managers, systems 
integrators, CNEs, Master CNEs, and Cer- 
tified Novell Administrators (CNAs). 


NETWARE USER GROUPS 

Each NetWare user group is designed to meet 
local needs. Some of the benefits of member- 

ship in a NetWare user group are listed below: 


e Product demonstrations from Novell and 
other vendors 

¢ Newsletters that provide tips and tricks for 
managing your company’s network 

e A World-Wide Web site to keep you informed 


on what is happening in your local group 


e A software library containing Novell products 
and technologies and the Novell Support 
Connection CD—a comprehensive library of 
support resources from Novell 

e Contact with other networking professionals 


Although not all benefits are available in all 
user groups, you will find the user group in 
your area a valuable resource. 


The following list contains contact information 
for NetWare user groups worldwide. If you can’t 
find a NetWare user group in your area, visit 
NUI’s web site (http://www.novell.com/nui/ 
groups). You can also call 1-800-228-4684 or 
1-801-228-4500, or fax 1-801-228-4577. 


All numbers outside the U.S. or Canada are 
listed with their city codes. Please contact your 
local long-distance carrier for the current 
country codes. © 


ASIAN REGION 


CHINA 
Hong Kong Richard Li 
+852-2766-5495 
INDIA 
Bombay Marwah Bhavan 
+22-835-1995 
JAPAN 
Tokyo Mr. Yoshihiro Agata 
+3-5375-4030 
SINGAPORE 
Singapore Margaret Tan 
+65-3787-108 
AUSTRALASIAN REGION 
NEW ZEALAND 
Auckland Craig Harrison 
+9-520-0221 
Auckland Pat Rossiter 
+9-367-5886 
AUSTRALIA 
Canberra Len Carriage 
+418-970545 
Riverina Bernard Storrier 
+69-375674 
Sydney Geoff May 
+269-318-2333 
Brisbane David Pinkerton 
+415-733-869 
Adelaide Christian Legg 
+8-8303-4672 
Melbourne Marc Heymann 
+3 9525-5755 
Perth Jose L. Marti 
+8-9227-4140 
LATIN AMERIGAN REGION 
ARGENTINA 
Buenos Aires Jose Luiz Muzzupappa 
+54-1 3814241 
BRAZIL 
Rio de Janeiro Richard Beckerig Maciel 
+21-447-7088 
Sao Paulo Sergio Agusto V Ribeiro 
+11-3138-7204 
CHILE 
Santiago Patricio Fierro 
+2-207-2673 
COLUMBIA 
Bogota Santiago Algorta 


+571-410-6355, ext. 1233 
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PARAGUAY 
Asuncion Raul Descalzo 
+21-492974, ext. 230 
SURINAME 
Paramaribo Sharma W. Punmasi 
+597-422-475 
URUGUAY 
Montevideo Roberto Medeyros 
+2-816-1717 
EUROPEAN REGION 
BELGIUM 
Antwerp Martine DeBrucker 
+3-075-24-03-69 
DENMARK 
Copenhagen Charlotte Oedegaard 
+38 34 77 88 
FINLAND 
Helsinki Thomas Lindroos 
+40-591-1536 
FRANCE 
Paris Laurent Geral 
laurent_geral.ncf@novellclub.org 
GERMANY 
Bergheim/K6nigsbron Ralf Ladner 
+22-71-64380 
GREECE 
Athens Nikos Zavitsianos 
+1-807-6199 
IRELAND 
Dublin Jerome Baxter 
+1-705-2222 
ISRAEL 
Tel Aviv Zvika Davidowitz 
+3-9641615 
ITALY 
Milan Mr. Guido Chiappini 
+2-582-1-9541 
KENYA 
Nairobi Leonard Mware Oloo 
+294-2-891201 
NETHERLANDS 
Tie Gerard Zonjee 
+31 34 46 61 323 
NORWAY 
Oslo Geir Mork 
+6758-9930 
POLAND 
Warsaw Janusz Marczyk 


+22-658-6754 
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PORTUGAL 
Lisbon 


ROMANIA 
ucharest 


Ww 


RUSSIA 
oscow 


Bashkiria/Ufa 
Novosibirsk 


St. Petersburg 


Artur Filipe Henriques 
+1-422-8990 


Rares Serban 
+1-210-3305 


Konstantine Stowlolsow 
+095-941-8075 


Gouzel Souleimanova 
+347-225-3771 


Maxime Ovsyannikov 
+383-2181-434 


Dmitry Safronov 
+812-185-4988 


SLOVAKIA 
Zilina Jan Sladek 
+1-89-6774-286 

SOUTH AFRICA 

Johannesburg Mike Currin 
+31-831-830 

SPAIN 

Madrid Alfonso Gonzélez 
+1-555 6567 

SWEDEN 

Stockholm Sgren Bergmark 


+1025-60008 


UNITED KINGDOM 


Kent/Rochester 


Peterborough 


Neil Corbett 
+181-541-9755 


Paul Gardner 
+1733-211-212 


WEST AFRICA/TOGO 


Lome 


d’ALMEIDA Ayi Mawuena 


+228-269 379 


NORTH AMERICAN REGION 

CANADA 

Alberta 

Calgary Scott G. Perley 


+403-974-1338 


British Columbia 


Fraser Valley 


Vancouver 


Manitoba 
Winnipeg 


Nova Scotia 
Halifax 


Richard Barker 
+604-864-4616 


Sharon Richardson 
+604-541-7565 


Paul Unger 
+204-228-0031 


Randy Wilson 
+902-468-9896, ext. 42 


Ontario 
Kitchener Chris Horton 
+519-575-4570, ext. 3048 
London Doug Eaton 
+519-673-1215 
Ottawa Ken Preston 


+613-591-6050 


Prince Edward Island 


Charlottetown John Donahoe 


+902-566-9506 


UNITED STATES 

Alaska 

Anchorage Dean Davis 
907-267-2420 

Arizona 

Flagstaff Rick Smith 
520-523-0066 

Phoenix Randy Merrill 

602-640-5800, ext. 264 

Tucson Michael Hicks 
520-791-3154 

Arkansas 

Little Rock Wayne Goodrich 
501-682-6184 

California 

Bakersfield Robert Stout 

805-721-5000, ext. 136 

Fresno Robin Small 
209-498-4137 

Los Angeles Barry Chapman 
818-756-6326 

Modesto/Stanislaus Robert Vipond 
209-527-5171 

Monterey Marco Bravo 
408-758-5316 

Oakland Andy Zutler 


408-616-6333 


Daris Bouthillier 
714-895-9974 


Orange County 


Sacramento John Kreamer 
916-387-2082 
San Diego Jim Fry 
619-546-2810 
San Francisco Doug Spindler 
510-258-0204 
San Jose/Silicon Valley Allan Hurst 


650-525-4567 


San Ramon Vince Montgomery 
925-456-9980 
Visalia Ed Burckhardt 
209-737-4660, ext. 2255 

Colorado 
Denver Raecine Chaney 
303-798-6136 
Fort Collins Patty Joseph 


970-350-9295 


Connecticut 


Fairfield County Jay Ferron 
203-937-9477 

Hartford Helene Rosenblatt 
860-466-1624 

Delaware 

Wilmington Doug Dirsch 


609-478-0025 


District of Colurnbia 


Washington Larry Will 
301-231-2013 
Florida 
Daytona Beach Enrique ‘Rico’ Nieves 
904-226-6193 
Miami Esther Fleming 
305-626-7263 
Naples Randi Zwicker 
941-436-6504 
Orlando Nancy Abbott 
407-667-7412 
Sarasota Paul Boserup 
941-483-7099 
Tallahassee Elaine Hebenthal 
904-222-9000 
Tampa/St. Petersburg Alan Frayer 
941-504-0373 
Titusville David Striby 
407-632-8175 
West Palm Beach Paul Leder 
561-691-2609 
Georgia 
Atlanta Kelley Osburn 
770-645-6099 
Savannah Tammy Brannen 
912-681-0586 
Hawaii 
Honolulu Brian Chee 
808-541-1924 
Idaho 
Idaho Falls James Acevedo 
208-526-1835 
Moscow James M. Cassetto 
208-885-6492 
Twin Falls John Stevens 
208-423-6519 
Illinois 
Champaign Joseph DeWalt 
217-337-5558 
Chicago Ozzie Calvopina, Jr. 
630-810-9029 
La Salle Thomas J. Martini 
815-434-3081, ext. 233 
Peoria Brian Milbrandt 
309-637-8446 
Rockford Garry Gillette 


815-282-2190 


Springfield Randy Turner 
217-524-4979 

Indiana 

Evansville Brian Ricci 
812-476-6662 

Indianapolis Charlie Wood 
317-872-8844 

Merrillville Laurie Giobbi 
219-736-2667 

lowa 

Davenport Brian Lees 
309-794-6485 

Des Moines David Rowen 
515-285-8800 

Fort Dodge Marc Matthes 
515-574-5477 

Kansas 

Manhattan Larry Havenstein 


913-532-6270 


Wichita John Matrow 
316-636-8851 


Kentucky 

Owensboro James Clark 
502-687-8617 

Maryland 

Baltimore John Boblitz 
410-786-2089 

Univ. of Maryland Jay Elvove 


301-405-6906 


Massachusetts 
Boston Andrew Daitch 
bnug_request@bnug.org 
Michigan 
Ann Arbor Bill Connett 
313-764-4417 
Detroit Dawn DeLong 


313-874-6957 


Michael J. Mattingly 
517-351-7501 


Paul Baumgartner 
616-975-8458 


Kalamazoo Tom Birkenbach 
616-674-8001, ext. 341 


Gerry Barczak 
616-935-6521 


East Lansing 


Grand Rapids 


Traverse City 


Minnesota 


Minneapolis/St. Paul LeAnn Ogilvie 


612-779-7301 


Mississippi 

Jackson Peck Lowe 
601-649-6107 

Tupelo David Neilsen 


601-680-8534 


Missouri 

Columbia Deon Frank 
573-882-5380 

Joplin Andy Middleton 
417-625-9799 

Kansas City Anita Baude 
913-588-2871 

St. Louis Richard Warwick 
314-926-8134 

Nebraska 

Lincoln Lyndon Hinton 
402-423-6521 

Omaha John H. Bezy III 
402-431-5432 

Nevada 

Reno Joe Bertnick 


702-787-9319 


New Hampshire 


Nashua Jean McKay 
603-429-3458 


New Jersey 

Paramus Scott Leyshon 
973-252-1315 

New Mexico 

Albuquerque Ned Adams 
505-833-1377 

Santa Fe David Klein 
505-827-2323 

UNM/Albuquerque Elliott Bailey 
505-277-4447 

New York 

Buffalo Chuck Wonch 


716-343-0536, ext. 240 


Scott Brennan 
518-237-9994 


Capital District 


Long Island Michael Carey 
516-293-8600 
New York Vicente E. Grillo 
212-730-7949 
Rochester Mark Lombard 
716-235-5599 
White Plains Paul Newman 


914-736-7890 


North Carolina 


Asheville Larry Pace 
704-685-7032 
Charlotte Will Leger 
704-847-5606 
Wilmington Michael Ayers 


910-251-0081 


Tony Thornton 
336-222-7566 


Winston-Salem 


North Dakota 


Fargo Karl Ortner 
701-271-5092 


Ohio 
Cincinnati Ralph Davis 
513-948-3572 
Cleveland Rich Herr 
440-774-8086 
Dayton Carlos Landaburu 
513-223-1278, ext. 203 
Oklahoma 
McAlester Charles O'Leary 
918-423-6387 
Oklahoma City Al Smith 
405-717-4241 
Oregon 
Medford Roger D. Linhart 
541-776-9800, ext. 374 
Portland Robert Young 
503-259-2614 
Salem George Lyon 


503-947-7370 


Pennsylvania 


Allentown William Barber 
610-264-8029 

Erie David DeWall 
814-870-4522 

Harrisburg Scott Knaub 
717-763-5724 

Philadelphia Frank Gioffre 
609-567-7898 

Puerto Rico 

Bayamon Felix R. Lafontaine 


787-780-2719 


Rhode Island 


Providence Bill Dwyer 


401-752-6414 


South Carolina 


Columbia William Crayton 
803-737-4928 
Greenville George Stillwell 


864-421-0011 
South Dakota 


Sioux Falls Tom Schulte 
605-367-7624 
Tennessee 
Chattanooga Stephen Walker 
423-499-2273 
Johnson City Richard Hale 
423-283-7426 
Memphis Jim Young 
901-371-0628 
Nashville Brenda Clark 
615-244-1681, ext. 6032 
Texas 
Austin Bill Hiebeler 


512-292-0748 


College Station Mike Gerst 
409-845-9689 
Dallas Tom Boutwell 
972-250-7146 
Denton Roy Zumwalt 
940-565-2498 
Houston Don Young 
713-837-0392 
San Antonio Don Shrum 
210-826-5501 
Tyler Cherie Brown 
903-561-3051 
Waco Dave Burgett 
254-750-3554 
Utah 
Logan Gary Egbert 
435-797-1476 
Salt Lake City Jim Henderson 
801-961-4417 
Vermont 
Burlington James Booska 
802-658-9867, ext. 9508 
Virginia 
Richmond Jim Barbour 
804-935-2115 
Roanoke Frank Pividal 
540-772-4142 
TCC/Virginia Beach Greg Tennefoss 
804-427-7331 
Virginia Beach Michael Rouleau 
804-444-4963 
Washington 
Bellingham Dave Auer 
360-650-2904 
Seattle William Higgins 
206-789-8343 
Spokane/Post Falls Mark Perrelli 
208-783-2232 
West Virginia 
Clarksburg Tom Moran 
304-293-4611 
Huntington William A. Sisemore 
304-778-7292 
Morgantown Randy Martin 
304-285-4766 
Wisconsin 
Green Bay Matthew Schlawin 
920-739-4441 
Madison Tom Yost 
608-831-7704 
Milwaukee Joan Neigbauer 
414-790-3445 
Wyoming 
Riverton Dean Peranteaux 


307-856-9407 © 
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Magazines on the Web 


Matthew Jones 


A the staff of NetWare Connection could tell you, publishing a 
print magazine can be extremely expensive and time con- 
suming. The Internet, however, has presented a new opportunity 
for would-be publishers: online magazines. With a World-Wide 
Web site, some web publishing tools, and a few writers and ed- 
itors, companies can now create an online magazine, taking ad- 
vantage of this cost-effective alternative to print magazines. 

The online magazines mentioned in this article feature tech- 
nical information about the latest products and technologies. Un- 
like many print magazines, these online magazines do not require 
you to purchase a subscription. 

After you have read a few articles, you might want to check 
out this month’s network resources and games. You can also read 
about the new products I have found. (See “Product Snapshots.”) 


WORLD-WIDE WEB SITES 

Although NetWare Connection isn’t available only on the 
Internet, I thought I should mention that the NetWare Connec- 
tion web site has moved to http://www.nwconnection.com. This 
web site not only has a new URL, but it also has a new look and 
several new features: 


¢ Enhanced Online Subscription Form. If you subscribe to the 
print version of NetWare Connection, you should receive a 
notification in the mail once a year, reminding you that it’s 
time to renew your subscription. Instead of mailing or faxing a 
subscription card each year, you can complete the online sub- 
scription form. You can also complete this form to receive a 
new subscription or to change your address. 
If you live in the United States or Canada, you can receive 
a free subscription to the print version of NetWare Connection. 
If you live outside the United States or Canada, the cost is 
USS. $24 for one year, U.S. $45 for two years, or U.S. $65 for 
three years to cover shipping costs. You can now purchase a 
subscription online by securely submitting your credit card 
information over the Internet. 
¢ Enhanced Online Bookstore. The NetWare Connection Book- 
store has added shopping cart technology, which allows you to 
purchase products online by securely submitting your credit 
card information over the Internet. The NetWare Connection 
Bookstore regularly features new products. You can purchase 
these products at 20 to 30 percent off the retail price. You can 
also find Novell advanced technical training videos, third- 
party technical training videos, and CD-ROMs. 
Advertiser Information. If you want more information about 
any of the products or services advertised in the print version 
of NetWare Connection, you can take advantage of hypertext 
links to each advertiser’s web site. You can also find advertiser 
information by clicking the banner ads that appear on the 
NetWare Connection web site, and you can find contact infor- 
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mation for some of the Novell authorized education centers 

(NAECs) located throughout the United Stares and Canada. 
¢ Search Engine. The NetWare Connection web site continues to 

offer past issues online, but locating articles is easier than ever: 

You can use the new search engine to find a specific article or 

to find articles about a particular subject. You ‘ao longer have to 

manually search every past issue to locate the articles you need. 
° Utility Database. You can download shareware and freeware 
utilities from the NetWare Connection web site. These utilities 
are now stored in a database, so you can access them quickly 
and easily. You can also use this database to submit utilities that 
you want to see added to the NetWare Connection web site. 
Tips and Tricks. If you are interested in finding out how to 
perform new networking tasks, to troubleshoot networking 
problems, or to avoid these problems altogether, you need to 
check out the tips and tricks that have been added to the 
NetWare Connection web site. Because these tips and tricks 
change daily, you can learn something new every day. 


After you explore these new features on the NetWare 
Connection web site, you might want to visit Win98 Magazine 
(http://www.win98mag.com). This online magazine, which is 
published every two months, is an excellent resource if you have 
recently upgraded, or are considering upgrading, to Windows 98. 
You can read articles about installing and managing Windows 98 
as well as articles about using the new features of Windows 98. 

Even if you are using Windows NT or Windows 95, you can 
find useful information in Win98 Magazine. For example, before 
Windows 98 was released, this online magazine was called Win95 
Magazine, and you can access past issues of Win95 Magazine. You 
can also download shareware and freeware utilities for Windows 
NT, Windows 98, and Windows 95. In addition, you can view 
tips and tricks, purchase books online, and participate in several 
forums that allow you to exchange Windows-related information 
with other users. 

JavaWorld (http://www.javaworld.com) is a monthly online 
magazine that focuses on Sun Microsystems’ Java programming 
language. Whether you are a developer or a network administra- 
tor, you can find useful information in JavaWorld. You can read 
articles from the current issue or past issues, and you can sign up 
to receive an e-mail message when new articles are published. 

You can also view tips and tricks and a list of upcoming Java 
events, training courses, and seminars. You can even download 
tools that help you develop and manage Java products. 


NETWORK RESOURCES 

Because the Internet changes so quickly, keeping up with 
the latest terminology is nearly impossible. If you encounter an 
acronym that you can’t decipher, visit NetLingo (http://www. 
netlingo.com), an online dictionary that specializes in Internet 


Product Snapshots 


When | am looking for the latest games, | often find new and 
interesting products. Product Snapshots gives you a quick overview 
of the most useful products | have found during the past month. 
(Please note that these are first-look reviews.) 


MONSTER 3D II 

Monster 3D II from Diamond Multimedia is a PCl-based graph- 
ics upgrade board that allows you to take advantage of the latest 
3-D technology without replacing your existing graphics board. 
Monster 3D II works with the 2-D or 3-D graphics board you al- 
ready have installed, improving 3-D throughput. 

Monster 3D II uses the Voodoo2 3Dfx controller, which provides 
excellent 3-D capabilities for any game that uses the Glide, 
Direct3D, and Mini GL graphics standards. With this controller, 
Monster 3D II generates more than 60 frames per second during 
game play and offers three separate 3-D engines that enhance 
both the performance and the appearance of graphics. 

Monster 3D II includes two ports: a VGA-IN port and a VGA- 
OUT port. In addition, Monster 3D II includes a pass-through 
cable that you can use to connect your existing graphics board to 
Monster 3D II, which you can then connect to your monitor. 

You can purchase Monster 3D II through retail channels in two 
configurations: one with 8 MB of memory and one with 12 MB of 
memory. The suggested retail price is U.S. $229 and U.S. $279, 
‘respectively. For more information about Monster 3D II, visit 
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Diamond Multimedia’s web site (http:/www.diamondmm.com). 
You can also call 1-800-468-5846 or 1-408-325-7000. 


COPEASE 

CopEase is a file management utility from Vinca Corp. CopEase, 
which supports NetWare 3.12, NetWare 4, intraNetWare, and 
NetWare 5 allows you to access files stored on both the DOS par- 
tition and the NetWare partition from the server console. 

If you install CopEase on only one server, you can move files 
between the DOS partition and the NetWare partition. You can 
also copy and delete files and directories, set file attributes, create 
directories, and view directory listings. In addition, you can analyze 
a particular NetWare Loadable Module (NLM), viewing a list of 
other NLMs that must be loaded to run this NLM and searching 
the server for the necessary NLMs. 

If you install CopEase on multiple servers, you can access 
advanced features as well. For example, you can copy files and 
directories between the DOS partition and the NetWare partition 
across servers, and you can update files across servers. CopEase is 
especially useful for updating patches and drivers. 

To prevent unauthorized users from performing tasks offered by 
CopEase, you can assign a password for each task. A user must 
then enter the correct password to perform a particular task. 

You can purchase CopEase through retail channels at the 
suggested retail price of U.S. $149. For more information about 
CopEase, visit Vinca’s web site (http://www.vinca.com). You can 
also call 1-888-808-4622 or 1-801-223-3100. o 


technologies. You can look up a word, 
browse a list of words, or add a word to 
the database. In addition, you can also 
launch a “pocket dictionary” that appears 
in a separate window in your web browser. 
You can then refer to this dictionary if you 
read an unfamiliar word as you surf the 
Internet. You can even find a complete 
list of emoticons, which are symbols that 
users often enter in e-mail messages or 
chat rooms to express their feelings. : ) 

If you can’t find what you need in Net- 
Lingo, turn to PC Webopaedia (http:// 
www.pcwebopaedia.com). Like NetLingo, 
PC Webopaedia offers the ability to look 
up a word and to add a word to the data- 
base. Rather than providing basic defini- 
tions, however, PC Webopaedia offers 
more in-depth entries. For example, if you 
looked up firewall, you would not only 
learn what a firewall is, but you would also 
learn about each type of firewall and find 
a list of hypertext links to web sites that 
discuss firewalls. 


NETWORK GAMES OF THE MONTH 
Because more games are being created 
with networking capabilities, both of this 
month’s games are network games. If you 
want to recommend a standalone game for 


review, please send an e-mail message to 
matthew@netfire.com. 


MechCommander 

MechCommander from Microprose 
and FASA Interactive is a strategy game 
similar to the popular games Command 
& Conquer and Warcraft. As the game 
begins, you assume the role of a Mech 
commander on a planet called Port Ar- 
thur, which is under attack by the rival 
Smoke Jaguar Clan. Your mission is to 
reclaim your lost territory by defeating 
this technologically superior enemy. To 
do so, you must send your raw recruits 
into battle, and you must organize the 
entire unit, managing combat supplies, 
vehicle repairs, and weapons upgrades. 

MechCommander supports Windows 
95 and Windows 98. You can play Mech- 
Commander with up to five other people 
over a network connection. You can also 
play MechCommander against one other 
person over a modem or the Internet. 

You can download a demonstration 
version from http://www.mechcommander. 
com/info/download-html, and you can 
purchase MechCommander through retail 
channels at the suggested retail price of 
U.S. $49. For more information, visit the 


MechCommander web site (http://www. 
mechcommander.com). You can also call 


1-510-864-4550. 


Rainbow Six 

Rainbow Six from Red Storm Enter- 
tainment is based on the best-selling book 
of the same name by Tom Clancy. In the 
game, you lead a multinational task force 
that is responsible for eliminating terror- 
ism throughout the world. You direct a ser- 
ies of assaults on terrorist installations, 
gradually uncovering a sinister conspiracy 
of catastrophic proportions. You must then 
save the world by finding out as many de- 
tails as you can so you can stop the conspi- 
racy. No pressure, but the game’s slogan is 
“Play as if 5.7 billion lives depended on it.” 

Rainbow Six supports Windows 98 and 
Windows 95. You can play Rainbow Six 
with up to 15 other people over a network 
or Internet connection. 

You can purchase Rainbow Six 
through retail channels at the suggested 
retail price of U.S. $39.99. For more infor- 
mation, visit Red Storm Entertainment’s 
web site (http://www.redstorm.com) or 
call 1-919-460-1776. 

Matthew Jones works for Waterstone 
Consulting in Chicago, Illinois. 
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TCPNP and 
Intranet Ware 


TCP/IP 
ISBN: 0152 


LearnKey’s intra- 
NetWare 4.11 Bundle 


10 videos 

ISBN: 290692 

Retail Price: $789.00 
Our Price: $465.00 


Novell’s Guide to TCP/IP 
and intraNetWare 

Drew Heywood 

788pp ISBN: 45329 

Retail Price: $49.99 

Our Price: $39.99 


Novell’s Guide to Creating 
intraNetWare Intranets 
Karanjit Siyan 

777pp ISBN: 45310 


Retail Price: $39.99 
Our Price: $31.99 


Novell’s Encyclopedia 
of Networking 


Kevin Shafer 

1,192pp ISBN: 45116 om 
Retail Price: $69.99 
Our Price: $48.99 : 


Shop online at http://bookstore.nwconnection.com 


Your Source for Classic Networking Literature 


LearnKey’s NetWare 
5.0 Migration 


Kent Erickson and 
James Swartz 

3 videos ISBN: 290899 
Retail price: $249.95 
Our Price: 199.95 


This set of three videos provides training for 
CNEs who plan to migrate to NetWare 5.0 from 
NetWare 3.x, 4.x, or 4.11 systems. These videos 
contain detailed instructions to ensure success- 
ful NetWare 5.0 migration. 
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Introduction 
to Networking 


Internet Plumbing 


h fandbook 


Novell’s Guide to Resolving 
Critical Server Issues 
Richard Jensen and 

Brad W. Dayley 

600pp ISBN: 45507 

Retail Price: $59.99 

Our Price: $47.99 


Novell’s Guide to NetWare 
for Small Business 4.11 


Eric Harper and David L. Gardner 
408pp ISBN: 45043 

Retail Price: $34.99 

Our Price: $27.99 


Novell’s Certified Internet 
Business Strategist 

Study Guide 

Jim Bowman 

456pp ISBN: 45493 

Retail Price: $39.99 

Our Price: $31.99 


Novell’s Introduction 
to Networking 


Cheryl C. Currid 

328pp ISBN: 45256 

Retail Price: $19.99 32 
Our Price: $13.99 “a 


Novell’s Guide to 
BorderManager 
J.D. Marymee and 
Sandy Stevens 
350pp ISBN: 4540X 
Retail Price: $49.99 
Our Price: $39.99 


Novell’s Internet 
Plumbing Handbook 


Peter Rybaczyk 

311pp ISBN: 4537X 
Retail Price: $34.99 (442 
Our Price: $24.49 


Novell's GroupWise 
5.5 User's Handbook 


Shawn B. Rogers and 
Richard H. McTague 
300pp ISBN: 45523 
Retail Price: $24.99 
Our Price: $19.99 


This reference discusses all the new features 
of GroupWise 5.5, such as Workflow Manager, 
Workflow Professional, GroupWiselmaging, and 
GroupWise Publisher. Also included are task- 
oriented chapters, screenshots, tables, and tips. 


Novell’s Certified Web 
Designer Study Guide 


Jim Bowman 
600pp ISBN: 45485 
Retail Price: $49.99 
Our Price: $39.99 


Novell’s CNE Study Set 
for intraNetWare/ 
NetWare 4.11 

David James Clarke, IV 
2,532pp ISBN: 45337 
Retail Price: $148.99 

Our Price: $104.29 


Novell’s Dictionary 
of Networking 


Kevin Shafer 
640pp ISBN: 45280 
Retail Price: $24.99 
Our Price: $19.99 


omen 
Dictionary of 
Networking 


Novell’s Guide to LAN/AWAN 
Analysis: IPX/SPX 


Laura A. Chappell 
874pp ISBN: 45086 
Retail Price: $59.99 
Our Price: $47.99 


TANTAN Analysis: 
IPX/SPX 


Novell’s GroupWise 5 
User’s Handbook 
Shawn B. Rogers and 
Richard H. McTague 
260pp ISBN: 45094 

Retail Price: $24.99 

Our Price: $19.99 


Novell’s Introduction 
to intraNetWare 


Kelley J.P. Lindberg 
416pp ISBN: 45302 
Retail Price: $39.99 
Our Price: $31.99 


\ C 
intraNetWare 


How To 2000 


Raytheon Systems 
856pp ISBN: 31018 
Retail Price: $49.99 
Our Price: $39.99 


This book tackles the year 2000 issue from all sides. 
It contains a complete description of compliance 
phases, standards for tracking progress, quality- 
assurance guidelines, project monitoring, problem 
definition, and a full review of third-party tools. 


HTML 4 Bible 


Brvan Pfaffenberger and 
Alexis D. Gutzman 
1090pp ISBN: 32200 
Retail Price: $49.99 
Our Price: $39.99 


Navell’s Guide to Web 
Site Management 


Jim Bowman 
8493pp ISBN: 45299 
Retail Price: $59.99 
Our Price: $41.99 


orca Novell’s Guide to Integrating 
Integrating intraNetWare and NT 
IntranetWaressNT “Yo 


J.0). Marymee and 
Sandy Stevens 

_ 529pp ISBN: 4523X 
Retail Price: $44.99 
Our Price: $35.99 


A 


NDS for NT 


Jeffrey F. Hughes and 
Blair W. Thomas 
432pp ISBN: 45515 
Reiail Price: $39.99 
Our Price: $31.99 


Novell’s GroupWise 5 
Administrator’s Guide 
Shawn B. Rogers and 
Richard H. McTague 
704pp ISBN: 45213 

Retail Price: $44.99 

Our Price: $35.99 


be Novell’s CNE Study Guide 
js] for Core Technologies 


| David James Clarke, IV 
| §932pp ISBN: 45019 

Retail Price: $74.99 (i223 
Our Price: $52.49 oy 


Novell Advanced Technical Training Videos by Novell Technical Support Services 


Troubleshooting ManageWise 


ISBN: 0199 


GroupWise 5 Client/Server Configuration 


ISBN: 0201 


Resolving Critical Server Issues 


(Volume 1) 
ISBN: 0204 


Resolving Critical Server Issues 


(Volume 2) 
ISBN: 0205 


Novell Directory Services Fundamentals 


(Volume 1) 
ISBN: 0210 


Retail Price $59.95 


Novell Directory Services Tools 


ISBN: 0212 


intraNetWare Client for Windows NT 


ISBN: 0219 


GroupWise and the Internet 


ISBN: 0255 


Troubleshooting TCP/IP Problems in an 
intraNetWare Environment 


ISBN: 0207 


Technical Differences between NT and 


NetWare 
ISBN: 0164 


Novell Directory Services Health 
Check/Maintenance 


ISBN: 0214 


Additional training videos available at http://bookstore.nwconnection.com 


*Prices are in US dollars and are subject to change. 


Our Price $49.95 


GroupWise and the Web 
ISBN: 0257 


LAN-RIP/SAP and IPX Routing 
ISBN: 0146 


Novell Directory Services Administration 
ISBN: 0213 


BorderManager Up Close and Technical 
(Part 1) 
ISBN: 0259 


BorderManager Up Close and Technical 
(Part 2) 
ISBN: 0260 


Integrating Windows NT into an intraNetWare 


Environment 
ISBN: 0218 


NetWare Web Server/DHCP 
ISBN: 0181 


NetWare 4.11 Server Updates 
ISBN: 0182 


NetWare 4.11 Administration Tools 
ISBN: 0178 


Novell Directory Services 
Troubleshooting 

ISBN: 0215 
Troubleshooting NeiWare 4 


Print Services 

ISBN: 0258 

intraNetWare Client for Windows 95 
and DOS/Windows 3.x 

ISBN: 0217 


NetWare Connection Order Form 


TO ORDER: @ shop online at 


http://bookstore.nwconnection.com 


Qty. ISBN 


- 31018 How To 2000 NEW! 
32200 HTML 4 Bible NEW! 


Product 


45019 Novell’s CNE Study Guide for Core Technologies 30% Off 
45043 Novell’s Guide to NetWare for Small Business 4.11 
45086 Novell’s Guide to LAN/WAN Analysis: IPX/SPX 

45094 Novell’s GroupWise 5 User’s Handbook 
45116 Novell’s Encyclopedia of Networking d0% Ot 
45213 Novell’s GroupWise 5 Administrator's Guide 
4523X Novell's Guide to Integrating intraNetWare and NT 
45256 Novell’s Introduction to Networking #0% Ott 
45280 Novell’s Dictionary of Networking 

45299 Novell’s Guide to Web Site Management 0% Off 


45302 Novell’s Introduction to intraNetWare 


45515 NDS for NT 


45310 Novell’s Guide to Creating intraNetWare Intranets 

45329 Novell’s Guide to TCP/IP and intraNetWare 

45337 Novell's CNE Study Set for intraNetWare/NetWare 4.11 0% Of 
4537X Novell's Internet Plumbing Handbook al’ Oft 

4540X Novell’s Guide to BorderManager 
45485  Novell’s Certified Web Designer Study Guide NEW! 
45493 Novell’s Certified Internet Business Strategist Study Guide 
45507 Novell’s Guide to Resolving Critical Server Issues NEW! 


45523 Novell's GroupWise 5.5 User's Handbook NEW! 
290692 LearnKey’s intraNetWare 4.11 Bundle 
290899 LearnKey’s NetWare 5.0 Migration NEW! 


@ fax form to 1-801-465-4755 = © mail to Order Entry, NetWare Connection, 


PO Box 19007, Provo, UT 84605-9007 


Lbs. Total Lbs. Retail Price Our Price Total 


= 


3 
4 
5 
3 
4 
1 
6 
3 
3 
3 
5) 
4 
5 
3 
3 
0 
2 
2 
3) 
3 
3 
3 
2 
7 
2 


Please fill in Novell advanced technical training video orders below: 


Qty. ISBN 


Total weight UPS Ground 
1-3 Ibs. Add $4.50 US 
4-6 lbs. Add $6.50 US 

7-9 lbs. Add $8.50 US 
10-12 Ibs. Add $10.50 US 
13-15 lbs. Add $12.50 US 
16-18 lbs. Add $14.50 US 
19-30 lbs. Add $16.50 US 


*If you live outside the continental U.S., shipping charges vary; you 


will be charged accordingly. 


Product 
UPS 2-Day 

or $11.50 US 
or $13.50 US 
or $17.50 US 
or $21.50 US 
or $25.50 US 
or $28.50 US 
or $41.50 US 


(US$) 
$49.99 
$49.99 
$74.99 
$34.99 
$59.99 
$24.99 
$69.99 
$44.99 
$44.99 
$19.99 
$24.99 
$59.99 
$39.99 
$39.99 
$49.99 
$148.99 
$34.99 
$49.99 
$49.99 
$39.99 
$59.99 
$39.99 
$24.99 
$789.00 
$249.95 


(US$) 
$39.99 
$39.99 
$52.49 
$27.99 
$47.99 
$19.99 
$48.99 
$35.99 
$35.99 
$13.99 
$19.99 
$41.99 
$31.99 
$31.99 
$39.99 
$104.29 
$24.49 
$39.99 
$39.99 
$31.99 
$47.99 
$31.99 
$19.99 
$465.00 
$199.95 


Lbs. Total Lbs. Retail Price Our Price Total 


1 $59.95 $49.95 

1 $59.95 $49.95 

1 $59.95 $49.95 

1 $59.95 $49.95 
Total weight Ibs. 
Subtotal $ 
UT residents add 6.25% sales tax $ 
Add shipping charges (SEE BOX TO LEFT FOR CHARGES) $ 


NOTE: Upgrading to UPS 2-day does not guarantee that you will receive your order in two 
days. Please allow 2-3 working days for your order to be processed and 2 days for it to 
be shipped. (Please allow up to four weeks for popular items.) 


Please make all checks payable to NetWare Users International. 
Personal check orders are subject to a 10-day processing period. 


Ship To: 

Name Company Name 

Shipping Address 

City State/Province ZIP/Postal Code 
Country Phone Fax 

Payment Info (check one): 1) Visa MasterCard American Express Discover 


Cardholder Name 


Card # 


Exp. Date 


Authorized Signature 


OCT98 


Order online at http://bookstore.nwconnection.com 


NETWARE, 


CONNECTION 


ADVERTISERS’ INDEK 


ADVERTISING AREAS 


Deliver your message to the major players in 
the networking industry—network administrators, 
IS managers, network consultants, and systems 
integrators. Advertise in NetWare Connection! 


Find our advertisers 
on our web site at 


http://advertise.nwconnection.com 


AllegronGrouip ye oe eg oc ee Nn eons 5 
BindView Development Corp. .......... 7 
Biscomlner escent 18 
Castel lemme eee risccks ves sfc ccctrienauer eee 41 
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Education:Genters’ 2... ee Te 43 
Eicon Technology Corp. .............-. 17 
ForeFront:Direct-lne: ..... . . sures ete ee 19 
IBMiGOnp epee te eco Inside front cover 
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KeyLabsilinic..# foot. ca ie een 15 
EeamingWaretlics <<. 2it senses «fe 25 
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NetVisionslnciis ter yori eee tein 9 
Novelltlnese2e s.r eee 22-23, 30-31 
PowerQuest' Gorpi SS See sees 11 
Protocom Development Systems Ltd. ....... 

oP aan are AT gtotchetes eC ca SIRO Back cover 
Scholarsicom 2.275% Inside back cover 
St. Bernard Software Inc. ............. 1 


WiredRed Software Corp. .. 


AREA 1 


Kaye Young (California) 


AREA 2 


Kyle Walkenhorst 
(California) 


AREA @ 


Brian Smith (Utah) 


AREA 4 


Steve Branda 
(New Jersey) 


Tel: 1-949-551-4924 
Fax: 1-949-551-9614 


Tel: 1-213-658-1955 
Fax: 1-213-658-6178 


Tel: 1-801-465-4901 
Fax: 1-801-465-4755 


Tel: 1-201-599-0050 
Fax: 1-201-599-0070 
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A CBT Group Company 


Learning Advisors are 
online 24 hours a day, 
every day. In the Chat 


your Advisors, ask 
questions, discuss 


one help with your 
course. 


bt 


systems 


Teams of vendor-certified 


Rooms you can talk with 


scenarios and get one-on- 


ONLINE LEARNING 


| AROUND THE WORLD, AROUND THE CLOCK! 


scholars 


Join the Scholars 
Community! 


The Scholars Community is the place 
where students from around the world 
can gather to share ideas and 
experiences. The Community is the 
central focus of your learning with 
Scholars - all web-based course 
resources are accessible from it, plus 
you can interact with other students 
using the Student Union chats, 
Discussion Groups, and other 
collaborative tools. Make yourself part 
of a learning community - the Scholars 
Community! 


UNBEATABLE SUPPORT - go online 
and send email to a Learning Advisor, 
come into a chat and receive live, one- 
on-one help, or browse the Discussion 
Groups for answers to frequently asked 
questions - it’s your choice! 


- Simply the best online 
learning that meets 
your schedule - any 
_time, any day! 
fe, _ilfovell 


 B 


Authorized 
Technical 

Education 
Center 


Microsoft 


NOW OFFERING 24 HOURS A DAY, 7 DAYS A WEEK ONLINE SUPPORT! 


q 


ACCESS to 24-hour a day email, Learn- 
ing Advisor teams, Bulletin Boards, and 
Student Chats. 


QUESTIONS are sent daily to help you 
focus on the most relevant points of the 
course, plus solving help desk scenarios 
allow you to relate the material covered 
to real life situations. 


EXAM PREPARATION questions 
prepare you for the actual certification 
exams in both format and content, over 
400 in total. Scholars.com is proud to 
use the Big Red Self Test and the Official 
Microsoft Practice Test Software avail- 
able from Self Test Software. 


PRACTICE the skills you learn- 
scholars.com has web accessible servers 
loaded with Microsoft and Novell 
software available for remote 
administration, online exercises, and 
general practice for your MCSE and CNE 
training. 


CONTROL the pace of your learning. 
You can speed up, slow down or go on 
hold plus you can study at the times 
most convenient to 
you! This is all done 
with a mentor by 
your side. 


For more information, 
e-mail: 
inquiries@scholars.com 


Enroll anytime to join our team of scholars! 


www.scholars.com 


For more information, visit http://advertise.nwconnection.com. 


100% 


With access to the NetWare server console, users can do 
almost any thing — access user data, trace LAN/main - 
frame data, change configurations, destroy volumes and 
much more! Yet natively, the console is unaudited, often 
accessed through shared passwords and anyone who 
uses it has full system access — whether their duties need 


all the privileges or not. 


SecureConsole for NetWare is a file server console 


security application that adds a new level of control and 


SecureConsole 


f20.r N-e t Ware 


accountability to the NetWare server. You control what 
level of access individual users or NetWare groups have to 
your console, including what console commands they can 
use, what console applications they can see and whether 


A their actions are audited. 


With system console autolocking and screen saver 


features SecureConsole locks the server console even 


International online : ; 
when you forget, ensuring only authorised users can 
email: sales@serversystems.com 


http://www.serversystems.com access the system. 
United States 
+1 800 581 3502 


+1 800 581 3834 
Australia workstation logins use, the high level of NetWare system 


The generic/shared RCONSOLE password is no longer a 


risk! By using the same authentication process that 


+61 2 6292 9988 security is enforced upon server console operators. 
+61 2 6292 9977 
United Kingdom SecureConsole is an NDS aware product. Using the 


+44 1454 777.654 powerful global features of Novell’s NDS, SecureConsole 


FAA EIS CNIS can provide simple setup and global control of access to any 


number of server consoles. 


a = Protocom 


Development Systems Pty Ltd 


For more information, visit http://advertise.nwconnection.com. 


